6109 matches found
CVE-2025-5470
Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275...
CVE-2025-5469 Dylib Hijacking in Yandex Messenger
Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245...
CVE-2025-5469 Dylib Hijacking in Yandex Messenger
Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
CVE-2022-50649 power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is masked with 0x07, which means a length of 8, but adp5061chgtype array size is 4, may end up reading 4 elements beyond the end of th...
PT-2025-50090
Name of the Vulnerable Software and Affected Versions Yandex Telemost versions prior to 2.19.1 Description An uncontrolled search path element issue exists in Yandex Telemost on MacOS, enabling search order hijacking. This allows an attacker to potentially manipulate the system's search path to...
TalentSoft UNIS SQL注入漏洞
TalentSoft UNIS is a talent management system from TalentSoft Turkey. A SQL injection vulnerability exists in TalentSoft UNIS versions prior to 42321, which stems from improper neutralization of special elements and could lead to a SQL injection attack...
DEBIAN-CVE-2023-53762
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
CVE-2025-13448
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13448
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13448
CVE-2025-13448: CSSIgniter Shortcodes for WordPress is vulnerable to Stored XSS via the element shortcode attribute in versions up to 2.4.1. Exploitation requires Contributor+ access; an attacker can inject scripts on pages viewed by users. Wordfence has patched the issue in 2.4.1—update to 2.4.1...
CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-200724
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-48788
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress CSSIgniter Shortcodes plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CSSIgniter Shortcodes versions = 2.4.1...
CVE-2025-66458
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...
CVE-2025-66458 Lookyloo has multiple XSS due to unsafe use of f-strings in Markup
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...