30561 matches found
CVE-2026-28211
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...
CVE-2026-28211
The CVE affects the NVDA Dev & Test Toolbox add-on (Log Reader feature) with versions 2.0–8.0. Reading a crafted log file via log reading commands triggers unsafe evaluation of Python expressions embedded in log entries, allowing attacker-controlled code to execute with the current user’s privile...
CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...
CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...
CVE-2026-28211
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...
CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...
EUVD-2026-8910
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...
CVE-2026-27627
Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
PT-2026-22208
Name of the Vulnerable Software and Affected Versions NVDA Dev & Test Toolbox versions 2.0 through 8.0 Description A security issue exists in the Log Reader feature of the NVDA Dev & Test Toolbox add-on. Maliciously crafted log files can lead to arbitrary code execution when a user reads them usi...
NVDA Dev & Test Toolbox 安全漏洞
NVDA Dev & Test Toolbox is a debugging and testing tool developed by Cyrille Bougot as an individual contributor. Versions 2.0 to 8.0 of NVDA Dev & Test Toolbox contain security vulnerabilities. These vulnerabilities stem from the log reader’s handling of Python expressions in log files in an...
Linux Distros Unpatched Vulnerability : CVE-2026-25967
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists i...
CVE-2026-27627
Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
CVE-2026-27627
Summary: CVE-2026-27627 affects Karakeep’s Reddit metascraper path. In version 0.30.0, the HTML returned as readableContentHtml by the Reddit plugin is consumed directly by the HTML parsing subprocess without DOMPurify sanitization, while other content sources go through Readability + DOMPurify. ...
CVE-2026-27627
Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
CVE-2026-27627 Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS
Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...
SUSE CVE-2026-25967
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-1...
PT-2026-21852
Name of the Vulnerable Software and Affected Versions Karakeep version 0.30.0 Description Karakeep is an elf-hostable bookmark-everything app. Version 0.30.0 does not properly sanitize HTML content received from the Reddit metascraper plugin. Specifically, when the plugin returns...
ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field
Summary A stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. ================================================================= ==3537074==ERROR: AddressSanitizer: stack-buffer-overflow on...
GHSA-72HF-FJ62-W6J4 ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field
Summary A stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. ================================================================= ==3537074==ERROR: AddressSanitizer: stack-buffer-overflow on...
CVE-2026-25967
A flaw was found in ImageMagick. A remote attacker could exploit a stack-based buffer overflow vulnerability in the FTXT image reader. By providing a specially crafted FTXT file, an attacker could cause out-of-bounds writes on the stack, leading to a crash and resulting in a Denial of Service DoS...