
23 matches found

OSV
added 2025/12/18 8:15 p.m., 1 view

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through the Node.js child_process module when the fil...

8.4 CVSS, 6.2 AI score
Exploits: 0, References: 3
CVE
added 2025/12/18 7:57 p.m., 6 views

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

8.4 CVSS, 7.5 AI score, 0.00018 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/11/12 3:46 a.m., 5 views

CVE-2025-12651

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4 CVSS, 4.9 AI score, 0.00032 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/11/11 3:30 a.m., 6 views

CVE-2025-12651 Live Photos on WordPress <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4 CVSS, 0.00032 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/11/11 12:0 a.m., 3 views

PT-2025-46284

Name of the Vulnerable Software and Affected Versions: Live Photos on WordPress plugin versions prior to 0.1
Description: The Live Photos on WordPress plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

6.4 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 4
CNNVD
added 2025/11/11 12:0 a.m., 3 views

WordPress plugin Live Photos on WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

6.4 CVSS, 5.7 AI score, 0.00032 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2011-3844

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.00712 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2025/09/10 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2011-3890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

7.5 CVSS, 5.9 AI score, 0.00712 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-6360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and...

8.8 CVSS, 8.3 AI score, 0.01075 EPSS
Exploits: 1, References: 2
CNNVD
added 2024/12/27 12:0 a.m., 1 view

Smarts Smart Agent Security Vulnerability

Smarts Smart Agent is a powerful, flexible and extensible tool from Smarts for monitoring wireless network performance and services from the end user's perspective. A security vulnerability exists in Smarts Smart Agent version v1.1.0, which stems from the /FB/getFbVideoSource.php page containing ...

7.5 CVSS, 6.2 AI score, 0.00676 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2024/12/27 12:0 a.m., 1 view

PT-2024-34397 · Unknown · Smart Agent

Name of the Vulnerable Software and Affected Versions: Smart Agent version 1.1.0
Description: A Server-Side Request Forgery (SSRF) issue allows a remote attacker to obtain sensitive information via a crafted script to the "/FB/getFbVideoSource.php" component. This enables the attacker to access...

7.5 CVSS, 6.4 AI score, 0.00676 EPSS
Exploits: 0, References: 8
SUSE CVE
added 2023/02/15 5:51 a.m., 1 view

SUSE CVE-2011-3083

browser/profiles/profileimpliodata.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page...

5 CVSS, 8.5 AI score, 0.02166 EPSS
Exploits: 0, References: 4
Packet Storm
added 2021/03/25 12:0 a.m., 847 views

Moodle 3.10.3 Cross Site Scripting

Exploit Title: Moodle 3.10.3 Calendar Cross Site Scripting
Date: 25.03.2021
Author: Vincent666 ibn Winnie
Software Link: https://moodle.org/
Tested on: Windows 10
Web Browser: Mozilla Firefox
Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month
My Youtube...

7.4 AI score
Exploits: 0
Exploit DB
added 2018/09/24 12:0 a.m., 25 views

MyBB Visual Editor 1.8.18 - Cross-Site Scripting

Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Author: Numan OZDEMIR
Vendor Homepage: mybb.com
Software Link: https://mybb.com/download/
Version: Up to v1.8.18. Fixed in v1.8.19.
PoC Video: https://numanozdemir.com/mybb/xss.mp4
CVE: CVE-2018-17128
Description: Attacker can run JavaScript...

5.4 CVSS, 5.5 AI score, 0.01121 EPSS
Exploits: 5
CNVD
added 2017/07/20 12:0 a.m., 15 views

Genivia gSOAP Devil's Ivy Stack Buffer Overflow Vulnerability

gSOAP is a widely used Web services toolkit. Developers use gSOAP as part of a software stack that enables various devices to communicate with the Internet. Genivia gSOAP suffers from a Devil's Ivy stack buffer overflow vulnerability that allows an attacker to remotely corrupt the SOAP web servic...

8.1 CVSS, 8.1 AI score, 0.09141 EPSS
Exploits: 2, References: 1
Openbugbounty
added 2014/07/26 9:41 a.m., 10 views

cine.com XSS vulnerability

Open Bug Bounty ID: OBB-47149
Affected Website: cine.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Remediation Guide: OWASP XSS Prevention Cheat Sheet...

6.4 AI score
Exploits: 0
ATTACKERKB
added 2012/05/16 12:55 a.m., 2 views

CVE-2011-3083

browser/profiles/profileimpliodata.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page...

5 CVSS, 8.4 AI score, 0.02166 EPSS
Exploits: 0, References: 13
NVD
added 2011/10/25 7:55 p.m., 16 views

CVE-2011-3890

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling...

7.5 CVSS, 7 AI score, 0.00712 EPSS
Exploits: 0, References: 4
OSV
added 2011/10/25 7:55 p.m., 1 view

UBUNTU-CVE-2011-3890

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling...

7.5 CVSS, 5.9 AI score, 0.00712 EPSS
Exploits: 0, References: 2
UbuntuCve
added 2011/10/25 7:55 p.m., 24 views

CVE-2011-3890

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling...

7.5 CVSS, 5.9 AI score, 0.00712 EPSS
Exploits: 0, References: 1