15 matches found
CVE-2026-5940 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...
CVE-2026-5940
Summary of CVE-2026-5940: Foxit PDF Editor/Reader contains a use-after-free vulnerability in the annotation flow. The issue arises when a function triggers a UI refresh after removing comments via a script, which may access an invalidated object and cause a crash. The CVE record cites a CVSS v3....
CVE-2026-5940 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...
Privilege Context Switching Error
Overview: Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation: Upgrade...
Privilege Context Switching Error
Overview: Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation: Upgrade...
CVE-2022-50564
CVE-2022-50564 affects the Linux kernel on s390 where the netiucv_transmit path (netiucv_tx) has a return-type mismatch with the expected netdev_tx_t in the ndo_start_xmit operation. The description notes that with clang CFI (CONFIG_CFI_CLANG), an incompatible function pointer type between netiuc...
EUVD-2022-6537
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-25887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic ...
Bulk Comment Remove <= 2 - Cross-Site Request Forgery via brc_admin()
Description: The Bulk Comment Remove plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2. This is due to missing or incorrect nonce validation on the brc_admin() function. This makes it possible for unauthenticated attackers to delete comments in bulk...
GHSA-CGFM-XWP7-2CVR Sanitize-html Vulnerable To REDoS Attacks
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
Sanitize-html Vulnerable To REDoS Attacks
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
PT-2022-17586 · Unknown +2 · Sanitize-Html +2
Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 2.7.1. Description: The issue is related to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. Recommendations: For versions prior to...