29 matches found
EUVD-2026-32078
The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes 'title', 'align', and 'width' in the tuxquotebuildforma...
PT-2026-39551
A flaw has been found in Squirrel up to 3.2. The affected function is validate format in the library file sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to a stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackEOSImageFormat and ptpunpackEOSCustomFuncEx functions due to missing length validation for input buffers. An attacker can cause the application to read out-of-bounds memory by supplying crafted data to...
CVE-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...
CVE-2026-21712
CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1. The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...
CVE-2025-31480 aiven-extras allows PostgreSQL Privilege Escalation through format function
aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...
aiven-extras code issue vulnerability
aiven-extras is an aiven open source tool that enables non-super users to access certain database functions. A code issue vulnerability exists in aiven-extras versions prior to 1.1.15, which stems from a format function that does not use a schema prefix, and could lead to elevated privileges...
The vulnerability of the imgu_fmt() function in the drivers/staging/media/ipu3/ipu3-v4l2.c file of the Intel ipu3-imgu driver for the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the imgu_fmt() function in the drivers/staging/media/ipu3/ipu3-v4l2.c file of the Intel ipu3-imgu driver for the Linux operating system is related to incorrect calculation of the size of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise t...
Information Disclosure
yaql is vulnerable to Information Disclosure. The vulnerability is due to improper handling of attribute access in the YAQL library's 'format' function, allowing unauthorized users to access sensitive information, including service account credentials...
PT-2024-18920 · Unknown · Web3-Utils
Name of the Vulnerable Software and Affected Versions: web3-utils versions prior to 4.2.1 Description: The issue concerns Prototype Pollution via the utility functions format and mergeDeep due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to th...
Prototype Pollution
Overview web3-utils is a Collection of utility functions used in web3.js. Affected versions of this package are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading ...
CVE-2023-41050 Information disclosure through Python's "format" functionality in Zope AccessControl
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...
CVE-2023-31708
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function...
SUSE CVE-2020-36403
HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read)...
The vulnerability of the `format()` function (django.utils.numberformat.format()) in the Django web development framework allows an attacker to trigger a denial-of-service attack.
The vulnerability of the django.utils.numberformat.format function in the Django web development framework is related to uncontrolled memory consumption, which can lead to a complete exhaustion of resources. Exploiting this vulnerability may allow an attacker to cause a service failure...
UBUNTU-CVE-2016-10745
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape...
PYSEC-2019-18
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...
PT-2019-4623 · Django +2
Name of the Vulnerable Software and Affected Versions: Django versions 1.11.x through 1.11.18; Django versions 2.0.x through 2.0.10; Django versions 2.1.x through 2.1.5. Description: The issue is related to uncontrolled memory consumption, which can lead to a complete depletion of resources,...