CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

EUVD-2018-14289

Malware in sbrugna...

EUVD-2018-0472

Malware in sbrugna...

EUVD-2014-0195

Malware in sbrugna...

EUVD-2023-2443

Malicious code in bioql PyPI...

CVE-2025-10044 Keycloak: keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

PT-2025-34773 · Unknown · Selectzero Data Observability Platform

Name of the Vulnerable Software and Affected Versions: SelectZero Data Observability Platform versions prior to 2025.5.2 Description: Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page. Recommendations: Update SelectZero...

CVE-2021-35451

In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application...

CVE-2012-2606

The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack...

HP SiteScope SOAP Call LoadFileContent Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call loadFileContent Remote File Access', 'Description' = %q This module exploits an authentication bypass vulnerability in HP...

WebNMS Framework Server Arbitrary Text File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Arbitrary Text File Download', 'Description' = %q This module abuses a vulnerability in WebNMS Framework Server 5.2 that...

Medium: python-pillow

Issue Overview: Affected versions of this package are vulnerable to Denial of Service DoS when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a certain limit. This can lead to a system crash. Affected versions of this package...

util-linux wall Escape Sequence Injection

Wall-Escape CVE-2024-28085 Skyler Ferrante: Escape sequence injection in util-linux wall ================================================================= Summary ================================================================= The util-linux wall command does not filter escape sequences from...

Arbitrary Text Injection

Kiali is vulnerable to content spoofing. The vulnerability is due to implement proper error handling when a page or endpoint being accessed is not found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed...

Kiali content spoofing vulnerability

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

GHSA-6F4M-J56W-55C3 Kiali content spoofing vulnerability

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

CVE-2022-3962

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...