
58 matches found

Positive Technologies
added yesterday, 5 views

PT-2026-47617

Summary: The TDengine DAQ storage connector's escapeTdString at server/runtime/storage/tdengine/index.js:10 doubles single quotes but does not escape backslashes. TDengine's SQL parser treats \' as a literal single quote inside a string, so a tag id of the form x' OR 1=1-- escapes the first single...

5.3 CVSS | 5.5 AI score
Exploits 0 | References 3
Github Security Blog
added 2026/05/29 5:58 p.m., 9 views

ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag

Impact: When parsing an image with an embedded ICC profile that contains a crafted multiLocalizedUnicodeType (`mluc`) tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to the actual size of the input. Processing such an image causes...

8.7 CVSS | 5.9 AI score | 0.00064 EPSS
Exploits 0 | References 6 | Affected Software 1
Positive Technologies
added 2026/04/22 12:0 a.m., 3 views

PT-2026-34548

Name of the Vulnerable Software and Affected Versions: Frappe version 16.10.10. Description: An authenticated attacker can store a crafted tag value in user tags to trigger JavaScript execution when a victim opens the list or report view where tags are rendered. This occurs because the renderer...

5.4 CVSS | 5.9 AI score | 0.00038 EPSS
Exploits 1 | References 7
Snyk
added 2026/02/19 3:18 p.m., 2 views

Cross-site Scripting (XSS)

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the svelte:element tags. An attacker can inject arbitrary HTML into the server-side rendered output by supplying a crafted tag name. Details: Cross-site...

5.5 CVSS | 5.6 AI score | 0.00011 EPSS
Exploits 0 | References 2
Snyk
added 2026/01/27 12:57 a.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ReadFile function. An attacker can cause excessive CPU and memory consumption by supplying maliciously crafted TLV length values from an NFC or APDU source, leading to resourc...

6.5 CVSS | 5.9 AI score | 0.00008 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/01/26 10:26 p.m., 1 view

CVE-2026-24476 Shaarli vulnerable to stored XSS via Suggested Tags

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag starting with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...

5.3 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2026/01/26 10:26 p.m., 2 views

CVE-2026-24476

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag starting with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...

5.3 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-7231

Malware in sbrugna...

6.1 CVSS | 6.6 AI score | 0.00223 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-0169

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00166 EPSS
Exploits 0 | References 13
RedhatCVE
added 2025/05/22 7:49 p.m., 4 views

CVE-2021-34081

OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository...

9.3 CVSS | 7.9 AI score | 0.06326 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 7:28 a.m., 4 views

CVE-2017-15809

In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag...

6.1 CVSS | 5.9 AI score | 0.00223 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2023/11/09 12:0 a.m., 13 views

NewStart CGSL MAIN 6.06 : ctags Vulnerability (NS-SA-2023-0143)

The remote NewStart CGSL host, running version MAIN 6.06, has ctags packages installed that are affected by a vulnerability: - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag filename. A crafted tag filename specified in the command line or i...

7.1 AI score | 0.00562 EPSS
Exploits 1 | References 3
Veracode
added 2023/08/06 7:1 p.m., 21 views

Cross-Site Scripting (XSS)

gitlab is vulnerable to a cross-site scripting (XSS) vulnerability. This vulnerability occurs due to improper neutralization of input during web page generation. An attacker can exploit this vulnerability by creating a malicious Jupyter notebook that contains a crafted tag. When a victim views the...

7.3 CVSS | 5.7 AI score | 0.00181 EPSS
Exploits 0 | References 4 | Affected Software 1
F5 Networks
added 2023/02/21 7:0 p.m., 729 views

K16967: XSS vulnerability in jQuery CVE-2011-4969

Security Advisory Description: Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. (CVE-2011-4969) Impact: There is no impact; F5 products are not affected by this...

4.3 CVSS | 6.8 AI score | 0.06323 EPSS
Exploits 1
SUSE CVE
added 2023/02/15 5:58 a.m., 2 views

SUSE CVE-2010-2212

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted 1023 (3FFh) tag, a different vulnerability tha...

9.3 CVSS | 8.1 AI score | 0.07992 EPSS
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:49 a.m., 2 views

SUSE CVE-2011-4969

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

4.3 CVSS | 6.6 AI score | 0.06323 EPSS
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 4:56 a.m., 0 views

SUSE CVE-2016-9297

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16_ASCII or TIFF_SETGET_C32_ASCII tag values...

7.5 CVSS | 6.9 AI score | 0.00352 EPSS
Exploits 0 | References 7
SUSE CVE
added 2023/02/15 4:53 a.m., 2 views

SUSE CVE-2016-10199

The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value...

7.5 CVSS | 6.7 AI score | 0.01678 EPSS
Exploits 0 | References 6
UbuntuCve
added 2022/12/20 7:15 p.m., 21 views

CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

7.8 CVSS | 7.1 AI score | 0.00562 EPSS
Exploits 1 | References 4
RedhatCVE
added 2022/12/19 6:14 p.m., 22 views

CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

7.8 CVSS | 1.8 AI score | 0.00562 EPSS
Exploits 1 | References 3