
6109 matches found

RedHat Linux
added 2025/12/02 2:22 p.m., 3 views

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

7.5 CVSS, 7.4 AI score, 0.03959 EPSS
Exploits: 0, References: 4
Snyk
added 2025/12/01 11:4 p.m., 1 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: org.webjars.npm:mdast-util-to-hast is a mdast utility to transform to hast. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the class attribute in rendered markdown code elements. An attacker can cause...

6.9 CVSS, 6.5 AI score, 0.00251 EPSS
Exploits: 0, References: 2
Snyk
added 2025/12/01 11:4 p.m., 1 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: mdast-util-to-hast is a mdast utility to transform to hast. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the class attribute in rendered markdown code elements. An attacker can cause arbitrary CSS...

6.9 CVSS, 6.9 AI score, 0.00251 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/11/27 1:54 p.m., 3 views

CVE-2025-64695

Uncontrolled search path element issue exists in the installer of LogStare Collector for Windows. If exploited, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS, 7.9 AI score, 0.00128 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/11/27 12:0 a.m., 3 views

PT-2025-51668

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel related to the rtl8723bs driver. Specifically, a stack buffer overflow can occur during the parsing of Supported Rates Information Element IE within...

7.7 CVSS, 7.5 AI score, 0.00198 EPSS
Exploits: 0
Snyk
added 2025/11/24 4:24 p.m., 1 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3
EUVD
added 2025/11/24 1:15 p.m., 4 views

EUVD-2025-198659

Malicious code in react-element-prompt-inspector npm...

6.6 AI score
Exploits: 0, References: 4
OSV
added 2025/11/22 12:0 a.m., 5 views

OSV-2025-930 Dynamic-stack-buffer-overflow in _ox_err_set_with_location

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=462353164 Crash type: Dynamic-stack-buffer-overflow READ 1 Crash state: oxerrsetwithlocation readelement oxparse...

6.9 AI score
Exploits: 0, References: 1
NVD
added 2025/11/21 7:15 a.m., 2 views

CVE-2025-64695

Uncontrolled search path element issue exists in the installer of LogStare Collector for Windows. If exploited, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS, 0.00128 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/11/21 6:18 a.m., 7 views

CVE-2025-64695

Uncontrolled search path element issue exists in the installer of LogStare Collector for Windows. If exploited, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS, 0.00128 EPSS
Exploits: 0, References: 2
EUVD
added 2025/11/21 6:18 a.m., 2 views

EUVD-2025-198417

Uncontrolled search path element issue exists in the installer of LogStare Collector for Windows. If exploited, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS, 7.9 AI score, 0.00128 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/11/20 12:21 a.m., 5 views

CVE-2025-63211

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint...

6.1 CVSS, 6.8 AI score, 0.00227 EPSS
Exploits: 1, References: 1
CNVD
added 2025/11/20 12:0 a.m., 2 views

WordPress Element Pack Addons for Elementor plugin cross-site scripting vulnerability

WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...

5.4 CVSS, 6 AI score, 0.00143 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2025/11/19 10:11 p.m., 3 views

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

7.5 CVSS, 7.4 AI score, 0.03959 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/11/19 10:23 a.m., 6 views

CVE-2025-13196

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...

5.4 CVSS, 4.9 AI score, 0.00143 EPSS
Exploits: 0, References: 1
Microsoft CVE
added 2025/11/19 1:1 a.m., 2 views

bpf: fix potential 32-bit overflow when accessing ARRAY map element

...

5.5 CVSS, 6.9 AI score, 0.00201 EPSS
Exploits: 0
CNNVD
added 2025/11/19 12:0 a.m., 4 views

Bridgetech VBC Server & Element Manager security vulnerability

Bridgetech VBC Server & Element Manager is a broadcast core software platform from Bridgetech Norway. A security vulnerability exists in Bridgetech VBC Server & Element Manager versions 6.5.0-10 and 6.5.0-9, which originates from a vulnerability that could allow an unauthorized attacker to delete...

6.5 CVSS, 6.7 AI score, 0.0025 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2025/11/19 12:0 a.m., 2 views

PT-2025-47515

Name of the Vulnerable Software and Affected Versions: bridgetech VBC Server & Element Manager versions 6.5.0-9 through 6.5.0-10. Description: A stored cross-site scripting issue exists in bridgetech VBC Server & Element Manager. Successful exploitation allows attackers to execute arbitrary code. Th...

6.2 AI score, 0.00227 EPSS
Exploits: 1, References: 5
CVE
added 2025/11/19 12:0 a.m., 9 views

CVE-2025-63214

CVE-2025-63214 affects bridgetech VBC Server & Element Manager, firmware 6.5.0-9 and 6.5.0-10, allowing unauthorized attackers to delete and create arbitrary accounts. Public sources (PT-2025-47526) recommend updating to a version newer than 6.5.0-10. Risk/exploitation details are not specifi...

6.5 CVSS, 6.7 AI score, 0.0025 EPSS
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2025/11/19 12:0 a.m., 3 views

PT-2025-47526

Name of the Vulnerable Software and Affected Versions: bridgetech VBC Server & Element Manager versions 6.5.0-9 through 6.5.0-10. Description: An issue exists in bridgetech VBC Server & Element Manager that allows unauthorized attackers to create and delete arbitrary accounts. Recommendations: Update...

6.5 CVSS, 6.7 AI score, 0.0025 EPSS
Exploits: 1, References: 8