Lucene search
K

19 matches found

OSV
OSV
added 2026/06/19 5:45 p.m.7 views

GHSA-9WXG-VF3R-56HC OpenZeppelin Contracts Wizard: Line terminators in info.securityContact / info.license can inject lines into generated source

Summary The Contracts Wizard generators printed info.securityContact and info.license verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline \n or \r\n in either field ends the comment, so the text aft...

3.3CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/29 7:24 p.m.6 views

CVE-2018-25314 Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

8.6CVSS6.3AI score0.00165EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-35998

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler SEH overwrite and shellcode to achieve code...

8.6CVSS6.7AI score0.00163EPSS
Exploits0References5
NVD
NVD
added 2026/03/06 10:16 p.m.8 views

CVE-2026-30237

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...

6.1CVSS0.00231EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/06 9:13 p.m.6 views

EUVD-2026-10079

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...

2.1CVSS5.8AI score0.00231EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/06 9:13 p.m.5 views

CVE-2026-30237 Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php)

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...

2.1CVSS5.8AI score0.00231EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:13 p.m.6 views

CVE-2026-30237

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...

2.1CVSS5.8AI score0.00231EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/06 9:13 p.m.19 views

CVE-2026-30237

Group-Office (enterprise CRM/groupware) is affected by a reflected XSS in the installer at install/license.php. Versions prior to 6.8.155, 25.0.88, and 26.0.10 render the POST parameter license inside a textarea without escaping, enabling a breakout sequence such as . This could allow arbitrary s...

6.1CVSS5.8AI score0.00231EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.7 views

PT-2026-23757

Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.155 Group-Office versions prior to 25.0.88 Group-Office versions prior to 26.0.10 Description Group-Office is a customer relationship management and groupware tool. A reflected cross-site scripting XSS issue...

2.1CVSS5.7AI score0.00231EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:2 p.m.6 views

CVE-2019-25405

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense fie...

7.2CVSS5.6AI score0.00296EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/18 9:55 p.m.24 views

CVE-2019-25363 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an...

8.4CVSS0.00373EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/18 9:55 p.m.3 views

CVE-2019-25363 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an...

8.4CVSS5.9AI score0.00373EPSS
Exploits1References4
CVE
CVE
added 2026/02/18 9:55 p.m.10 views

CVE-2019-25363

CVE-2019-25363 concerns WMV to AVI MPEG DVD WMV Convertor 4.6.1217. The connected documents confirm a buffer overflow in the product’s input handling, specifically when a user pastes a ~6000‑byte payload into the 'License Name and License Code' field, which triggers an application crash. This vul...

8.4CVSS5.9AI score0.00373EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.10 views

PT-2026-20538

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an...

8.4CVSS5.9AI score0.00373EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:37 p.m.3 views

CVE-2020-37184

Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the...

9.8CVSS6AI score0.00419EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.3 views

CVE-2020-37024 Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow

Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execu...

8.4CVSS6.2AI score0.00157EPSS
Exploits0References3
NVD
NVD
added 2026/01/28 6:16 p.m.11 views

CVE-2020-36971

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

8.4CVSS0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/28 5:35 p.m.5 views

EUVD-2020-30878

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

8.4CVSS6.5AI score0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:35 p.m.5 views

CVE-2020-36971

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

8.4CVSS6.5AI score0.00154EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder