17 matches found
CVE-2026-8484
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...
CVE-2026-8484
The CVE-2026-8484 entry describes a heap buffer overflow in the Jansi JNI"ioctl()" wrapper caused by missing size verification of the argument array before the system call. Affected software is Jansi (JNI wrapper) and, per sources, all versions are believed vulnerable. Consequences stated are hea...
EUVD-2026-37064
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...
EUVD-2020-0030
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-28688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went t...
CVE-2025-7761 Reflected XSS in Lepszy BIP
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did no...
GHSA-VXR4-RXW7-G7V6 Prototype Pollution in comb
All versions of package comb are vulnerable to Prototype Pollution via the deepMerge function...
ALPINE-CVE-2019-19582
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service infinite loop because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which...
GHSA-V63X-XC9J-HHVQ Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation The package is...
GHSA-98F7-P5RC-JX67 Materialize-css vulnerable to Cross-site Scripting in tooltip component
All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation No fix is currently available. Consider...
GHSA-QW93-45R3-P66P Prototype Pollution in merge-options
All versions of merge-options are vulnerable to Prototype Pollution Recommendation Update to version 1.0.1 or greater...
Zenbership has multiple vulnerabilities
Zenbership is an open source customer relationship management platform. All versions of Zenbership suffer from a cross-site scripting vulnerability and a cross-site request forgery vulnerability that can be exploited by an attacker to steal cookie-based authentication or inject malicious scripts...
NPDS 4.8/5.0 - 'pollcomments.php?thold' SQL Injection
source: https://www.securityfocus.com/bid/13649/info NPDS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'thold' parameter. Successful exploitation could result in a compromise of the application,...
SiteEnable - SQL Injection
source: https://www.securityfocus.com/bid/12985/info SiteEnable is reported prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation cou...
OutStart Participate Enterprise 3 - Multiple Access Validation Vulnerabilities
source: https://www.securityfocus.com/bid/12752/info Participate Enterprise is reported prone to multiple access validation vulnerabilities. These issues may allow remote attackers to disclose sensitive information and corrupt and delete data that can ultimately lead to a denial of service...
PhotoADay - 'Pad_selected' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11009/info It is reported that PhotoADay is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious U...
GNU Chess 5.0 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/8097/info A local buffer overflow has been reported for GNU Chess that may result in an attacker obtaining elevated privileges. The vulnerability exists due to insufficient boundary checks performed on some commandline options. Successful exploitation...