UBUNTU-CVE-2026-2922

GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

CVE-2026-2293 NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...

CVE-2023-42045

PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visi...

CVE-2023-2507

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

Contec SolarView Compact 跨站脚本漏洞

Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a cross-site scripting vulnerability that originates in the component SolarAiConf.php, which lacks a data validation filter for user-supplied data and output. An attacker could exploit this...

Popcorn Time 跨站脚本漏洞

Popcorn Time is a multi-platform BitTorrent client. version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the setting page Movies API Servers field's lack of data validation filtering for user-supplied data and output. An attacker could exploit the...

GalleryCMS 跨站脚本漏洞

GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...

Hotel-Mgmt-System 跨站脚本漏洞

Hotel-Mgmt-System is a hotel management system. A cross-site scripting vulnerability exists in Hotel-Mgmt-System version 1.0, which stems from a lack of data validation filtering of user-supplied and output data in /admin.php. An attacker could exploit this vulnerability to execute JavaScript cod...

IBM Security Verify Access 跨站脚本漏洞

IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...

PbootCMS 安全漏洞

PbootCMS is an open source enterprise building content management system CMS developed using the PHP language. PbootCMS has a security vulnerability, the vulnerability stems from the platform's message board function does not validate the data, an attacker can exploit the vulnerability to execute...

CVE-2021-25678

A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2020 All versions SE2020MP14, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds...