1062 matches found
CVE-2026-42996
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp...
CVE-2026-42996
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp...
CVE-2026-42996
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp...
EUVD-2026-26482
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp...
CVE-2026-42996
The CVE-2026-42996 entry describes a stack-based buffer overflow in JS8Call prior to 2.3.1 and in JS8Call-improved prior to 3.0, triggered by a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. Affects APRSISClient.cpp grid2deg; CVSSv4 scores indicate CRITICAL impact on co...
CVE-2026-42996
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp...
PT-2026-36303
Name of the Vulnerable Software and Affected Versions JS8Call versions prior to 2.3.2 JS8Call-improved versions prior to 3.0 Description A stack-based buffer overflow occurs during the processing of a radio transmission containing @APRSIS GRID followed by a long Maidenhead locator. This issue is...
EUVD-2018-21825
Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-014319)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014319 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD...
EUVD-2026-25172
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3361 WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3361
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3361 WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3361
CVE-2026-3361 affects the WordPress plugin WP Store Locator (versions up to 2.2.261). It describes a Stored Cross-Site Scripting vulnerability through the post meta field wpsl_address , caused by insufficient input sanitization and output escaping. The issue enables authenticated users with contr...
WordPress WP Store Locator plugin <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'wpsladdress' Post Meta vulnerability discovered by kai63001 in WordPress Plugin WP Store Locator versions = 2.2.261...
WordPress plugin WP Store Locator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-34631
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl address' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
AgentScope 安全漏洞
AgentScope is an open-source application developed by ModelScope. It simplifies the development of multi-agent applications based on LLMs. Versions of AgentScope prior to 1.0.18 contained a security vulnerability, which was caused by incorrect handling of the parameter url in the file...