17 matches found
GO-2026-4953 goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs
goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...
PT-2026-42366
goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...
CVE-2026-32740
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...
CVE-2026-8656
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...
Missing Write Protection for Parametric Data Values
Overview: Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...
EUVD-2026-21589
goshs is Missing Write Protection for Parametric Data Values...
EUVD-2020-0264
Malware in sbrugna...
EUVD-2018-14314
Malware in sbrugna...
CVE-2024-29839 Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values.
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user...
Ubuntu: Security Advisory (USN-4985-1)
The remote host is missing an update for the...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. The library doesn't properly escape the data values provided by the user such as navigationtitle and pageTitle in the function createHtml, allowing a malicious user to inject and execute malicious web script...
GHSA-GF8J-V8X5-H9QP XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
enshrined/svg-sanitize before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript:alert substring...
Code injection
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript:alert substring...
CVE-2019-18857
The CVE refers to darylldoyle svg-sanitizer before 0.12.0, where the parser mishandles script and data values in attributes, evidenced by unusual whitespace such as javascript :alert. This vulnerability is documented across multiple feeds (NVD, Red Hat, GHSA, OSV, etc.) and is associated with cro...
CVE-2018-2459
Users of an SAP Mobile Platform version 3.0 Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user...
CVE-2018-10081
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring...
Ubuntu 17.10 : linux vulnerabilities (USN-3523-1) (Meltdown)
Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...