2463 matches found
📄 Blesta 5.13.1 Cross Site Scripting
Blesta versions 3.2.0 through 5.13.1 suffer from a cross site scripting vulnerability. User input passed through the confirmurl GET parameter to the /dialog/confirm and /clientdialog/confirm/ endpoints is not properly sanitized before being used to generate HTML output; specifically, before being...
CVE-2020-37066
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
EUVD-2020-30999
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066 GoldWave 5.70 – Buffer Overflow (SEH Unicode)
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066 GoldWave 5.70 – Buffer Overflow (SEH Unicode)
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066
GoldWave 5.70 contains a buffer overflow in the File Open URL dialog, triggered by crafted Unicode text input that leads to a stack-based overflow and arbitrary code execution when the file is opened. The vulnerability affects the dialog’s handling of input in the URL/open file workflow and is de...
GoldWave 安全漏洞
GoldWave is a digital audio editing software developed by GoldWave Corporation. Version 5.70 of GoldWave contains a security vulnerability, which stems from a buffer overflow in the dialog box for opening URLs. This vulnerability could allow for the execution of arbitrary code...
PT-2026-5817
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2026-1446
There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446
There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446
There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446
The CVE-2026-1446 entry describes a Cross-Site Scripting (XSS) flaw in Esri ArcGIS Pro, affecting version 3.6.0 and earlier. The issue arises when a local attacker (with standard local access) supplies malicious strings that are rendered/executed when a specific ArcGIS Pro dialog is opened. Explo...
EUVD-2026-4668
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1...
CVE-2026-1446 XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier
There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446
There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2025-59093
Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...
Esri ArcGIS Pro cross-site scripting vulnerability
Esri ArcGIS Pro is a geographic information system software developed by the American company Esri. Versions of Esri ArcGIS Pro prior to 3.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for local attackers to inject malicious strings, potentially...
PT-2026-4787
Name of the Vulnerable Software and Affected Versions Esri ArcGIS Pro versions 3.6.0 and earlier Description A Cross Site Scripting issue exists in Esri ArcGIS Pro. A local attacker could provide malicious strings to ArcGIS Pro, which may execute when a specific dialog is opened. Recommendations...
CVE-2026-0533
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...