5832 matches found

Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002807 advisory. Insufficient data validation in waitid allowed a user to escape sandboxes on Linux. Tenable has extracted the preceding description block directly from the Unity...

CVSS 8.8 | AI score 7.4 | EPSS 0.03714 | Exploits 10 | References 6

CNNVD
added 2026/01/14 12:0 a.m. | 5 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A missing data validation vulnerability exists in the Huawei HarmonyOS hiview module, which can be exploited by an attacker to cause availability to be...

CVSS 6.2 | AI score 5.8 | EPSS 0.00091 | Exploits 0 | References 4

OSV
added 2026/01/13 9:31 p.m. | 2 views

GHSA-V3M3-F69X-JF25 Quill is vulnerable to XSS via HTML export feature

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

CVSS 6.1 | AI score 5.9 | EPSS 0.00221 | Exploits 1 | References 3

OSV
added 2026/01/13 9:15 p.m. | 1 view

CVE-2025-15056

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

CVSS 5.1 | AI score 5.8 | EPSS 0.00221 | Exploits 1 | References 2

NVD
added 2026/01/13 9:15 p.m. | 2 views

CVE-2025-15056

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

CVSS 6.1 | EPSS 0.00221 | Exploits 1 | References 2

Cvelist
added 2026/01/13 8:39 p.m. | 21 views

CVE-2025-15056 Quill 2.0.3 - Lack of data validation in HTML export allowing XSS

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

CVSS 5.1 | EPSS 0.00221 | Exploits 1 | References 2

Vulnrichment
added 2026/01/13 8:39 p.m. | 3 views

CVE-2025-15056 Quill 2.0.3 - Lack of data validation in HTML export allowing XSS

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

CVSS 5.1 | AI score 5.9 | EPSS 0.00221 | Exploits 1 | References 2

EUVD
added 2026/01/13 8:39 p.m. | 4 views

EUVD-2026-2033

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

CVSS 5.1 | AI score 5.7 | EPSS 0.00221 | Exploits 1 | References 3

CVE
added 2026/01/13 8:39 p.m. | 16 views

CVE-2025-15056

The CVE-2025-15056 entry concerns Quill 2.0.3, where the HTML export feature contains a lack of data validation that enables Cross‑Site Scripting (XSS). The issue is documented across multiple sources (NVD, Red Hat, CIRCL, GHSA/OSV, and Snyk references) confirming the vulnerability in Quill’s HTM...

CVSS 6.1 | AI score 5.9 | EPSS 0.00221 | Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

Quill injection vulnerability

Quill is an open source application from Quill. It provides application editor functionality. Quill version 2.0.3 has an injection vulnerability, which stems from a lack of data validation in the HTML export function and may lead to cross-site scripting attacks...

CVSS 6.1 | AI score 5.6 | EPSS 0.00221 | Exploits 1 | References 3

Positive Technologies
added 2026/01/13 12:0 a.m. | 5 views

PT-2026-2446

Name of the Vulnerable Software and Affected Versions: Quill version 2.0.3. Description: A flaw exists in the HTML export feature of Quill that does not properly validate data, potentially leading to Cross-Site Scripting (XSS). This issue was identified by Fluid Attacks' research team. Recommendations...

CVSS 5.1 | AI score 5.8 | EPSS 0.00221 | Exploits 1 | References 5

RedhatCVE
added 2026/01/09 12:32 p.m. | 6 views

CVE-2023-4369

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 12:9 p.m. | 8 views

CVE-2018-18059

An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can...

CVSS 5.3 | AI score 6.6 | EPSS 0.00971 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:29 a.m. | 36 views

CVE-2021-27398

A vulnerability has been identified in Tecnomatix Plant Simulation All versions V16.0.5. The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer overflow, a different vulnerability than CVE-2021-27396. An attacke...

CVSS 7.8 | AI score 6.6 | EPSS 0.0145 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:29 a.m. | 5 views

CVE-2021-27488

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An...

CVSS 7.8 | AI score 7.2 | EPSS 0.01982 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:28 a.m. | 8 views

CVE-2021-33738

A vulnerability has been identified in JT2Go All versions V13.2.0.2, Teamcenter Visualization All versions V13.2.0.2. The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past th...

CVSS 4.3 | AI score 6 | EPSS 0.01274 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:24 a.m. | 19 views

CVE-2021-31444

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 4.3 | AI score 6 | EPSS 0.02023 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:21 a.m. | 4 views

CVE-2021-22804

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

CVSS 7.5 | AI score 6.7 | EPSS 0.01274 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:20 a.m. | 5 views

CVE-2021-22678

Cscape All versions prior to 9.90 SP4 lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVSS 7.8 | AI score 7 | EPSS 0.0103 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:45 a.m. | 2 views

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoloads data from its popup on every page. As such data can be sent by an unauthenticated user and is not validated in length, this could cause a denial of service on the blog...

CVSS 7.5 | AI score 6.7 | EPSS 0.01565 | Exploits 2 | References 1