1553 matches found

RedhatCVE
added 2025/05/22 3:56 p.m. | 8 views

CVE-2020-0017

In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8...

CVSS 4.4 | AI score 6.3 | EPSS 0.00176
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:49 a.m. | 7 views

CVE-2019-20575

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019)...

CVSS 5.4 | AI score 7.1 | EPSS 0.00121
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:32 a.m. | 5 views

CVE-2019-14213

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSGSignatureF and CPDFDocument destruction...

CVSS 7.5 | AI score 6.8 | EPSS 0.02149
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:2 a.m. | 6 views

CVE-2018-9375

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.9 | EPSS 0.00201
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 2:28 a.m. | 10 views

CVE-2013-4609

REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call...

CVSS 6.5 | AI score 6.7 | EPSS 0.0151
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/05/08 3:24 p.m. | 20 views

Security Bulletin: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970.

Summary: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-24970. DESCRIPTION: Netty, an asynchronous, event-driven network...

CVSS 7.5 | AI score 6.9 | EPSS 0.01966
Exploits: 1 | Affected Software: 1

OpenVAS
added 2025/05/07 12:0 a.m. | 1 views

Ensure That the Weak Password Dictionary Is Set Correctly

If a user password is weak, it is easy for attackers to guess the password or crack it through dictionary attacks in a short period of time. A weak password dictionary is a collection of passwords that are not strong enough and can be easily cracked through guesses. Weak passwords include default...

AI score 7
Exploits: 0 | References: 4

OSV
added 2025/05/06 12:15 p.m. | 1 views

CVE-2025-4353

A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. It is possible to launch t...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 4

Microsoft CVE
added 2025/05/05 7:0 a.m. | 3 views

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

...

CVSS 5.3 | AI score 5.5 | EPSS 0.00405
Exploits: 1

OSV
added 2025/04/15 5:15 a.m. | 0 views

UBUNTU-CVE-2025-3573

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...

CVSS 6.1 | AI score 5.8 | EPSS 0.00292
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/04/14 10:52 a.m. | 26 views

Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763.

Summary: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-6763. DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable,...

CVSS 5.3 | AI score 6.6 | EPSS 0.00986
Exploits: 1 | Affected Software: 1

Openbugbounty
added 2025/04/11 1:8 a.m. | 4 views

urbandictionary.com Cross Site Scripting vulnerability OBB-4043122

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

CNNVD
added 2025/04/07 12:0 a.m. | 1 views

RuoYi security vulnerability

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which stems from the edit method not properly verifying the privileges of the requesting user, which could result in modifying the specified dictId...

CVSS 8.8 | AI score 6.6 | EPSS 0.00476
Exploits: 1 | References: 2

SUSE CVE
added 2025/04/04 3:0 a.m. | 3 views

SUSE CVE-2025-3154

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVSS 2.9 | AI score 7 | EPSS 0.00144
Exploits: 0 | References: 4

RedhatCVE
added 2025/04/03 9:44 a.m. | 9 views

CVE-2025-30840

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through = 2.12.5...

CVSS 7.1 | AI score 7.2 | EPSS 0.00273
Exploits: 0 | References: 1

NVD
added 2025/04/02 11:15 p.m. | 11 views

CVE-2025-3154

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVSS 2.1 | EPSS 0.00144
Exploits: 0 | References: 1

OSV
added 2025/04/02 11:15 p.m. | 1 views

UBUNTU-CVE-2025-3154

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVSS 2.1 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 3

AlpineLinux
added 2025/04/02 10:18 p.m. | 3 views

CVE-2025-3154

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVSS 2.1 | AI score 7.3 | EPSS 0.00144
Exploits: 0 | References: 1

Cvelist
added 2025/04/02 10:18 p.m. | 14 views

CVE-2025-3154 Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVSS 2.1 | EPSS 0.00144
Exploits: 0 | References: 1

CVE
added 2025/04/02 10:18 p.m. | 50 views

CVE-2025-3154

CVE-2025-3154 affects Xpdf up to version 4.05, due to an out-of-bounds array write triggered by an invalid VerticesPerRow value in a PDF shading dictionary. Fedora advisories show the fix as xpdf-4.06, and Slackware/Nessus entries reference the same vulnerability family; upgrade to 4.06 (or newer...

CVSS 2.1 | AI score 7.2 | EPSS 0.00144
Exploits: 0 | References: 1