Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SharpShowTextField component when rendering user-supplied input containing Vue template syntax. An attacker can execute arbitrary JavaScript or inject malicious HTML by submitting specially crafted...

EUVD-2019-7200

Malware in sbrugna...

EUVD-2021-20379

Malware in sbrugna...

EUVD-2021-8762

Malicious code in bioql PyPI...

CVE-2025-47327 Use After Free in Camera

Memory corruption while encoding the image data...

PT-2025-39283

Name of the Vulnerable Software and Affected Versions Affected versions not specified Description A memory corruption issue exists when encoding image data. The issue involves potential corruption during the image encoding process. Recommendations At the moment, there is no information about a...

CVE-2025-8661

CVE-2025-8661 is described as a stored Cross-Site Scripting (XSS) vulnerability in Symantec PGP Encryption 11.0.1, arising from improper validation/encoding of user-supplied data. Per the initial entry, the CVSS 3.1 base score is 6.1 (Medium) with Network attack vector, user interaction required,...

CVE-2025-8661 Stored Cross-Site Scripting in Symantec PGP Encryption 11.0.1

A stored Cross-Site Scripting vulnerability XSS occurs when the server does not properly validate or encode the data entered by the user...

SUSE-SU-2025:02746-1 Security update for zabbix

This update for zabbix fixes the following issues: - CVE-2024-42333: Fixed buffer over-read for broken UTF8 mail data injection. bsc1233834 - CVE-2024-22117: Fixed a bug that can cause the map element to crash when new URLs are added. bsc1233791...

CVE-2021-21489

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting XSS vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. T...

Matrix libolm 安全漏洞

Matrix libolm olm is a cryptographic library from the Matrix Foundation. A security vulnerability exists in Matrix libolm version 3.2.16 and prior versions, which stems from the use of base64 when decoding group session keys, which may be subject to cache timing attacks...

PT-2024-40445 · Silverstripe · Silverstripe Cms

Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: A cross-site scripting issue has been found in the TreeDropdownField and TreeMultiSelectField. This can be exploited if a user with CMS access posts malicious or unescaped HTML int...

CVE-2023-6146

A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details...

CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25732

CVE-2023-25732 involves an out-of-bounds memory write caused by incorrect calculation of the input size when encoding data from inputStream in xpcom. The vulnerability affects Firefox before 110, Thunderbird before 102.8, and Firefox ESR before 102.8. Connected advisories corroborate the issue an...

[SECURITY] Fedora 36 Update: protobuf-3.19.6-1.fc36

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

SUSE CVE-2009-3876

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted DER encoded data, which is not...

SUSE CVE-2016-2176

The X509NAMEoneline function in crypto/x509/x509obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service buffer over-read via crafted EBCDIC ASN.1 data...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-045-01)

The version of mozilla-firefox installed on the remote host is prior to 102.8.0esr / 110.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-045-01 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory...

The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control C2 server. "When a user creates an account on an online platform, a unique account page that can be accesse...