Lexmark International X1185 Improper Privilege Management (CVE-2006-0577)

Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the Appearance dialog and selecting the Additional styles skins are available on the Lexmark web site option, which launches a web browser that is running with SYSTEM privileges. This plugin only works with...

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 - the startup trust dialog implementation. Clau...

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

PT-2026-33240

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 10.5.9 Drupal versions prior to 10.6.7 Drupal versions prior to 11.2.11 Drupal versions prior to 11.3.7 Description Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain...

Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which which can lead to a cross-site scripting XSS vulnerability...

EUVD-2026-22273

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

EUVD-2026-22276

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

CVE-2026-4344

CVE-2026-4344 describes a Stored XSS vulnerability in the Autodesk Fusion desktop application. A malicious HTML payload in the component name, when shown in a delete confirmation dialog and clicked by a user, can execute script in the user’s context. The CVE notes potential to read local files or...

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

PT-2026-32644

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

PT-2026-32646

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

EUVD-2019-20135

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries a...

EUVD-2019-20124

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

CVE-2019-25689

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

CVE-2019-25689 HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

CVE-2019-25689

CVE-2019-25689 affects HTML5 Video Player version 1.2.5. The vulnerability is a local buffer overflow triggered by an oversized key code string entered into the KEY CODE field in the Help Register dialog, enabling arbitrary code execution and allowing an attacker to spawn a calculator process. Do...

CVE-2018-25258

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based...

PT-2026-32159

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...