20 matches found
CVE-2026-45149
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...
CVE-2026-25126
PolarLearn prior to version 0-PRERELEASE-15 is vulnerable in the vote API at POST /api/v1/forum/vote, where the request body field direction is not validated at runtime. This allows sending arbitrary strings; downstream VoteServer treats any non-up and non-null value as a downvote and stores the ...
CVE-2025-42620
The CVE-2025-42620 issue affects Vulnerability-Lookup prior to 2.18.0. The root cause is unsafe handling of user-controlled content in comments and bundles: the backend’s related_vulnerabilities field accepts unvalidated strings, while the frontend converts Markdown to HTML and injects it into th...
EUVD-2018-11198
Malware in sbrugna...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2024-582)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-582 advisory. Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a...
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
CVE-2021-34559
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings...
CVE-2021-34559 A vulnerability in WirelessHART-Gateway <= 3.0.8 may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings...
Authorization Bypass
ruby is vulnerable to authorization bypass. A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted...
Cross site scripting
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...
CVE-2013-0184
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...
CVE-2013-0184
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...
CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...
ruby security, bug fix, and enhancement update
1.8.7.352-3 - mkconfig.rb: fix for continued lines. ruby-1.8.7-p352-mkconfig.rb-fix-for-continued-lines.patch - Resolves: rhbz730287 1.8.7.352-2 - Fix of ruby interpreter crash in FIPS mode. ruby-1.8.7-FIPS.patch - Resolves: rhbz717709 1.8.7.352-1 - Update to Ruby 1.8.7-p352. Remove Patch43:...
Design/Logic Flaw
wimpytrackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk spa...
CVE-2006-0787
wimpytrackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk spa...
CVE-2006-0787
wimpytrackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk spa...
Invision Power Board 1.3 - 'SSI.php' SQL Injection
source: https://www.securityfocus.com/bid/10511/info Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database. The impa...
HP JetDirect rev. G.08.x/rev. H.08.x/x.08.x/J3111A - LCD Display Modification
source: https://www.securityfocus.com/bid/2245/info Certain versions of HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more ...