Design/Logic Flaw

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an...

Storm 2 mps. the dll component multiple buffer overflow vulnerabilities-vulnerability warning-the black bar safety net

Online burst a storm of the activex vulnerability, the call is rawParse this method, so simple to see, found the problem quite a bit. These issues are able to control eip or seh, that is each vulnerability can lead to arbitrary code execution. Affected versions: storm 2other not tested Unaffected...

Code injection

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service application instability via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence...

CVE-2007-2722

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service application instability via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence...

Code injection

Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast url attribute of an enclosure tag, or $encurl variable, which is executed when running wget...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...