5836 matches found
Arbitrary Command Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the imaplib module. An attacker can manipulate mailbox state, such as deleting emails, moving folders, flagging messages, or reading metadata or specific email content by injecting malicious input...
Huawei HarmonyOS hiview module missing data validation vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A missing data validation vulnerability exists in the Huawei HarmonyOS hiview module, which can be exploited by an attacker to cause availability to be...
CVE-2025-15056
A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002788)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002788 advisory. The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002807)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002807 advisory. Insufficient data validation in waitid allowed a user to escape sandboxes on Linux. Tenable has extracted the preceding description block directly from the Unity...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A missing data validation vulnerability exists in the Huawei HarmonyOS hiview module, which can be exploited by an attacker to cause availability to be...
GHSA-V3M3-F69X-JF25 Quill is vulnerable to XSS via HTML export feature
A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...
CVE-2025-15056 Quill 2.0.3 - Lack of data validation in HTML export allowing XSS
A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...
EUVD-2026-2033
A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...
CVE-2025-15056
The CVE-2025-15056 entry concerns Quill 2.0.3, where the HTML export feature contains a lack of data validation that enables Cross‑Site Scripting (XSS). The issue is documented across multiple sources (NVD, Red Hat, CIRCL, GHSA/OSV, and Snyk references) confirming the vulnerability in Quill’s HTM...
PT-2026-2446
Name of the Vulnerable Software and Affected Versions: Quill version 2.0.3. Description: A flaw exists in the HTML export feature of Quill that does not properly validate data, potentially leading to Cross-Site Scripting (XSS). This issue was identified by Fluid Attacks' research team. Recommendations...
Quill Injection Vulnerability
Quill is an open source application by Quill. It provides application editor functionality. Quill version 2.0.3 has an injection vulnerability that stems from a lack of data validation in the HTML export function, which may lead to cross-site scripting attacks...
CVE-2023-4369
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2018-18059
An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can...
CVE-2021-27398
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V16.0.5. The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer overflow, a different vulnerability than CVE-2021-27396. An attacke...
CVE-2021-27488
Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An...
CVE-2021-33738
A vulnerability has been identified in JT2Go All versions V13.2.0.2, Teamcenter Visualization All versions V13.2.0.2. The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past th...