306 matches found
IrfanView CADImage Plugin 缓冲区错误漏洞
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...
GStreamer 安全漏洞
GStreamer is a GStreamer open source set of frameworks for processing streaming media. A security vulnerability exists in GStreamer that stems from parsing H266 sei messages without properly validating the length of user-supplied data, which could lead to remote code execution...
CVE-2025-3117
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3905
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3899
CVE-2025-3899 impacts Schneider Electric Modicon Controllers’ web interface (Certificates page). The issue is a Cross-Site Scripting (CWE-79) vulnerability caused by improper input neutralization during web page generation, allowing an authenticated malicious user to inject unvalidated data that ...
CVE-2025-3899
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
PT-2025-24629 · Unknown · Vwebserver
Name of the Vulnerable Software and Affected Versions: Webserver affected versions not specified Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This could allow an authenticated malicious user to inject...
Sonos Era 300 缓冲区错误漏洞
Sonos Era 300 is a spatial audio speaker with Dolby Atmos Dolby Atmos from Sonos USA. The Sonos Era 300 suffers from a buffer error vulnerability that stems from unvalidated user data during HLS playlist data processing, which could lead to out-of-bounds writes and remote code execution...
GIMP 缓冲区错误漏洞
GIMP is an open source bitmap image editor from the GIMP team. GIMP suffers from a buffer error vulnerability that stems from unvalidated user data during FLI file parsing, which could lead to out-of-bounds writes and remote code execution...
CVE-2025-1440
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
WordPress plugin Advanced iFrame 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
CVE-2025-22623 Ad Inserter - Reflected cross-site scripting (XSS)
Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php...
CVE-2025-22623 Ad Inserter - Reflected cross-site scripting (XSS)
Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php...
CVE-2025-22624 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS)
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php...
DEBIAN-CVE-2023-6604
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation...
PT-2024-17646 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this...
PT-2024-17110 · Luxion · Luxion Keyshot
Name of the Vulnerable Software and Affected Versions: Luxion KeyShot affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this issue, where the target must...
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
PT-2024-39798 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or...
CVE-2024-6411
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pmuploadimage' AJAX action. This makes it possible for authenticated...