23059 matches found
CVE-2025-52666
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...
PYSEC-2025-139
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...
CVE-2025-62609 MLX has Wild Pointer Dereference in load_gguf()
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...
GHSA-J842-XGM4-WF88 MLX has Wild Pointer Dereference in load_gguf()
Summary Segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...
MLX has Wild Pointer Dereference in load_gguf()
Summary Segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...
EUVD-2025-198413
The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-11803
The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...
EUVD-2025-198388
The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...
CVE-2025-11803 WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...
CVE-2025-11803 WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...
CVE-2025-11770
The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-11770
The BrightTALK WordPress Shortcode plugin (WordPress) is vulnerable to Stored Cross-Site Scripting via the format attribute of the brighttalk-time shortcode in all versions up to 2.4.0. The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers wit...
CVE-2025-11770 BrightTALK WordPress Shortcode <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-11770 BrightTALK WordPress Shortcode <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...
EUVD-2025-198351
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...
CVE-2025-52666
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...
CVE-2025-52666
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...
CVE-2025-52666
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...
CVE-2025-52666
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...
CVE-2025-52666
Summary: CVE-2025-52666 affects Revive Adserver (versions 5.5.2, 6.0.1 and earlier). The issue is an improper neutralisation of format characters in the settings, which leads to a fatal PHP error that can cause the administrator user console to be disabled. The incident is described across multip...