14 matches found
CVE-2026-1136 lcg0124 BootDo ContentController save cross site scripting
A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitatio...
Cadmium CMS has a background arbitrary file upload vulnerability
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...
SUSE CVE-2025-59728
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the resolve_content_path process. An attacker can cause a write operation to occur one byte past the end of a heap-allocated buffer by crafting a specially designed MPEG-DASH manifest that triggers the appending of ...
CVE-2025-59728 Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...
EUVD-2025-32519
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...
FFmpeg Security Vulnerability
FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg that stems from an out-of-bounds NUL byte write in the content path calculation when processing MPEG-DASH manifests, which could lead to memory...
WordPress plugin The Hack Repair Guys Plugin Archiver Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-45189
Mage AI is affected by a path traversal vulnerability in the Git Content request that allows remote users with the Viewer role to leak arbitrary files from the Mage server. The issue is documented across multiple sources (CVE-2024-45189, related advisories) and is characterized by improper input ...
CVE-2024-37791
DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?classid...
CVE-2023-31046
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach...
CVE-2023-37649
Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data...
WordPress User Role Editor Plugin < 4.25 - Privilege Escalation Exploit
Exploit for php platform in category web applications. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress...
WordPress Neosense Theme Upload Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. Neosense is a dynamic news theme for WordPress. An upload vulnerability exists in WordPress Neosense Theme. An attacker can exploit this vulnerability to upload arbitrary files to the...