16 matches found
EUVD-2025-199882
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib...
FontTools Security Vulnerability
FontTools is an open source library written in Python for manipulating fonts. A security vulnerability exists in FontTools version 4.33.0 through versions prior to 4.60.2, which stems from an arbitrary file write when processing a malicious .designspace file, and could lead to remote cod...
Statamic CMS remote code execution via front-end form uploads
Impact: On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of MIME validation rules. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. Patches: It has been patched i...
CVE-2023-47129 Statamic CMS remote code execution via front-end form uploads
Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...
Statamic Code Issue Vulnerability
Statamic is a powerful flat-file CMS built on Laravel by Statamic USA that stores all content, templates, assets and settings in files instead of databases. A security vulnerability exists in Statamic that stems from allowing an attacker to upload a crafted PHP file via the asset upload field...
Facebook HHVM Resource Management Error Vulnerability
Facebook HHVM, a.k.a. HipHop Virtual Machine, is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in HHVM, which arises from the deserialization of objects with dynamic attributes, resulting in the...
Facebook HHVM Security Vulnerability
Facebook HHVM, a.k.a. HipHop Virtual Machine, is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in HHVM. The following products and versions are affected: 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1,...
Facebook HHVM Buffer Error Vulnerability
Facebook HHVM, a.k.a. HipHop Virtual Machine, is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A vulnerability exists in HHVM. The following products and versions are affected: 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0,...
CVE-2020-1893
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between 4.9.0 and 4.32.0 inclusive, and versio...
CVE-2020-1892
Insufficient boundary checks when decoding JSON in JSONparser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between...
CVE-2020-1892
Insufficient boundary checks when decoding JSON in JSONparser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between...
CVE-2020-1893
CVE-2020-1893: Insufficient boundary checks when decoding JSON in TryParse leads to out-of-bounds reads and potential DOS in HHVM. Affected versions per provided docs include HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0; versions 4.33.0–4.38.0; versions 4.9.0–4.32.0; and all versio...
CVE-2020-1892
Insufficient boundary checks when decoding JSON in JSONparser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between...
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
Unspecified Vulnerability in LogMeIn LastPass
LogMeIn LastPass is a cross-platform online password management tool from LogMeIn USA. A security vulnerability exists in LogMeIn LastPass versions prior to 4.33.0. An attacker could exploit the vulnerability by building a specially crafted website to capture credentials for user accounts...
CVE-2008-5541
CVE-2008-5541 affects Sophos Anti-Virus 4.33.0 and describes a bypass of malware detection in HTML documents when Internet Explorer 6/7 is used. The underlying issue is an attacker placing an MZ header (the "EXE info") at the beginning of a document and altering the filename to have no extension,...