23 matches found
CVE-2026-1766
Heap Buffer Overflow in GNOME localsearch MP3 Extractor ID3v2.3 COMM Tags...
SUSE CVE-2026-23952
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to a DoS attack due to...
CVE-2026-23952
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to a DoS attack due to...
CVE-2026-23952
ImageMagick has a NULL pointer dereference in the MSL parser when processing tags before any image loads (CVE-2026-23952). Affected: ImageMagick versions 14.10.1 and earlier. Impact: potential DoS through assertion failure (debug builds) or NULL pointer dereference (release). Mitigation: upgrade...
CVE-2020-8775
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags...
Cross Site Scripting (XSS)
AntiSamy is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper parsing of HTML when the preserveComments directive is enabled in the policy file. This issue can be exploited by an attacker to inject malicious JavaScript via comment tags...
Cross Site Scripting
AntiSamy is vulnerable to Cross Site Scripting. The vulnerability arises due to flawed parsing of the HTML being sanitized. As a result, an attacker can execute malicious JavaScript on the client side by using certain crafted inputs, resulting in elements in comment tags being interpreted as executable...
CVE-2022-31743
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...
Cross-site Scripting (XSS)
Firefox is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to a lack of sanitization of HTML comment tags, resulting in an incongruity with other browsers allowing an attacker to inject maliciously crafted script into the system...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-06863)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from incorrect input validation when handling HTML comment tags. The vulnerability can be exploited by an attacker to launch...
Mozilla Firefox Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from incorrect input validation when handling HTML comment tags. The vulnerability can be exploited by an attacker to launch...
Arbitrary Code Execution
gstreamer-plugins-base is vulnerable to arbitrary code execution. An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker could create a carefully-crafted Vorbis file that would cause an application using GStreamer to crash...
CentOS Update for gstreamer-plugins-base CESA-2009:0352 centos5 i386
Check for the Version of gstreamer-plugins-base OpenVAS Vulnerability Test CentOS Update for gstreamer-plugins-base CESA-2009:0352 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
CentOS Update for gstreamer-plugins-base CESA-2009:0352 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 5 : gstreamer-plugins-base (CESA-2009:0352)
Updated gstreamer-plugins-base packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GStreamer is a streaming media framework based on graphs of filters which operat...
RedHat Security Advisory RHSA-2009:0352
The remote host is missing updates announced in advisory RHSA-2009:0352. GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins. An integer overflow flaw which caused a heap-based...