70 matches found

RedhatCVE
added 2026/04/27 7:23 p.m., 3 views

CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

CVSS 5.4 | AI score 5.5 | EPSS 0.00193
Exploits: 1 | References: 1
EUVD
added 2026/04/22 9:32 p.m., 1 views

EUVD-2026-25088

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

CVSS 4.6 | AI score 5.9 | EPSS 0.00193
Exploits: 1 | References: 3
NVD
added 2026/04/22 9:17 p.m., 3 views

CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

CVSS 5.4 | EPSS 0.00193
Exploits: 1 | References: 3
ATTACKERKB
added 2026/04/22 7:52 p.m., 3 views

CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

CVSS 4.6 | AI score 5.9 | EPSS 0.00193
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/04/22 12:00 a.m., 1 views

PT-2026-34557

Name of the Vulnerable Software and Affected Versions: Frappe version 16.10.0. Description: An authenticated attacker can persist crafted values in multiple field types to trigger client-side script execution when another user opens the affected document in Desk. This occurs because vulnerable...

CVSS 5.4 | AI score 5.9 | EPSS 0.00193
Exploits: 1 | References: 7
RedHat Linux
added 2025/11/18 6:04 a.m., 2 views

libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior,...

CVSS 3.7 | AI score 5.9 | EPSS 0.00499
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2013-4995

Malware in sbrugna...

CVSS 7.1 | AI score 6.3 | EPSS 0.0155
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-4389

Malware in sbrugna...

CVSS 7.5 | AI score 6.5 | EPSS 0.0523
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-4895

Malware in sbrugna...

CVSS 6.5 | AI score 7 | EPSS 0.00442
Exploits: 0 | References: 4
OSV
added 2025/02/28 11:09 a.m., 3 views

CLSA-2025-1740740956 flatpak: Fix of CVE-2023-28101

CVE-2023-28101: fix issue of hiding elevated permissions by setting crafted values containing non-printable control characters...

CVSS 5 | AI score 5.8 | EPSS 0.00879
Exploits: 0 | References: 1
BDU FSTEC
added 2024/05/31 12:00 a.m., 1 views

The vulnerability of the members/moremember.pl and admin/aqbudgets.pl components of the Koha library process automation software allows a hacker to execute arbitrary commands.

The vulnerability of the members/moremember.pl and admin/aqbudgets.pl components of the Koha library process automation software is related to the absence of a mechanism to neutralize these elements in the CSV file. Exploiting this vulnerability allows a remote attacker to execute arbitrary DDE...

CVSS 3.5 | AI score 6 | EPSS 0.00811
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2024/02/20 6:21 a.m., 23 views

Denial Of Service (DoS)

org.apache.commons: commons-compress is vulnerable to Denial of Service. The vulnerability is due to an infinite loop when parsing dump files, which allows an attacker to inject crafted values to cause Denial of Service (DoS)...

CVSS 8.1 | AI score 6.6 | EPSS 0.00441
Exploits: 0 | References: 4 | Affected Software: 2
Tenable Nessus
added 2023/11/14 12:00 a.m., 28 views

RHEL 8 : flatpak (RHSA-2023:7038)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7038 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. The following packages have been upgrad...

CVSS 10 | AI score 7.2 | EPSS 0.00879
Exploits: 0 | References: 9
RedHat Linux
added 2023/11/07 8:49 a.m., 2 views

flatpak: Metadata with ANSI control codes can cause misleading terminal output

A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the flatpak(1) command-line interface by setting...

CVSS 5 | AI score 5.8 | EPSS 0.00879
Exploits: 0 | References: 5
F5 Networks
added 2023/02/21 6:28 p.m., 65 views

K17382: OpenSSL vulnerability CVE-2010-4252

Security Advisory Description: OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in ea...

CVSS 7.5 | AI score 8.4 | EPSS 0.08076
Exploits: 1 | Affected Software: 9
SUSE CVE
added 2023/02/15 5:46 a.m., 4 views

SUSE CVE-2012-2694

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 4.3 | AI score 7 | EPSS 0.04073
Exploits: 2 | References: 9
SUSE CVE
added 2023/02/15 5:39 a.m., 1 views

SUSE CVE-2013-2135

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...

CVSS 9.3 | AI score 9.5 | EPSS 0.13828
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:26 a.m., 2 views

SUSE CVE-2014-8103

X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3)...

CVSS 6.5 | AI score 7.8 | EPSS 0.03379
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:49 a.m., 2 views

SUSE CVE-2017-6355

Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access...

CVSS 5.5 | AI score 6.7 | EPSS 0.0043
Exploits: 0 | References: 4
Microsoft CVE
added 2022/11/17 8:00 a.m., 2 views

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan() leading to a Denial of Service.

...

CVSS 5.5 | AI score 7.4 | EPSS 0.00422
Exploits: 1