3642 matches found
UBUNTU-CVE-2022-43040
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c...
GPAC Buffer Error Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.1-DEV-rev368-gfd054169b-master, which stems from a heap buffer overflow in the gf_isom_box_dump_start_ex function in /isomedia/box_funcs.c. The vulnerability is caused by a heap buffer overflow...
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting. On a page where the "Capture box | Rock Convert" widget is present, append ?"alert/XSS/, e.g:...
tickCumulative may overflow. New timepoints can't be created and the system will be completely broken.
Lines of code. Vulnerability details. Impact: tickCumulative may overflow. New timepoints can't be created and the system will be completely broken. Proof of Concept: Write function call createNewTimepoint. createNewTimepoint increases cumulative value. function createNewTimepoint Timepoint memory...
FeehiCMS Cross-Site Scripting Vulnerability
FeehiCMS is a PHP-based CMS builder by Liufee's personal developer. FeehiCMS version v2.1.1 has a security vulnerability that stems from the ability to inject carefully crafted payloads via the comment box under the single page module. No detailed vulnerability details are currently available...
Cross site scripting
FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module...
CVE-2022-40408
FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module...
PT-2022-25371 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS versions 2.0.1.1 and prior. Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via a crafted payload injected into the Comment box under the Single Page module...
FeehiCMS Cross-Site Scripting Vulnerability
FeehiCMS is a PHP-based CMS builder by Liufee's personal developer. FeehiCMS version v2.1.1 has a security vulnerability that stems from the ability to inject carefully crafted payloads via the comment box under the single page module. No detailed vulnerability details are currently available...
ZTE ZXvSTB License Issue Vulnerability
ZTE ZXvSTB is a cloud-enabled set-top box from China's ZTE. The ZTE ZXvSTB suffers from an authorization issue vulnerability that stems from improper privilege control, which can be exploited by an attacker to remove the default application type and affect the normal use of the system...
brain-box-berlin.com Cross Site Scripting vulnerability OBB-2950057
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-23144
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system...
Google TensorFlow DrawBoundingBoxes Denial of Service Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when DrawBoundingBoxes receives input boxes that do not belong to the float dtype, it gives the assertion...
GHSA-JQM7-M5Q7-3HM5 TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes`
Impact: When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=1, 3, 2, 3, shape=1, 3, 2, 3, dtype=tf.half...
GHSA-C8FJ-4PM8-MP2C Broken Authorization in ZITADEL Actions
Impact: Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature where users with role ORG_OWNER are able to create JavaScript code, which is invoked by the system at certain points during the login. Actions, for example, allow creating authorizations (user grants) on...
Broken Authorization in ZITADEL Actions
Impact: Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature where users with role ORG_OWNER are able to create JavaScript code, which is invoked by the system at certain points during the login. Actions, for example, allow creating authorizations (user grants) on...
Pagekit CMS cross-site scripting in Markdown text box where articles are edited
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
CVE-2022-36573
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...