1601 matches found
CVE-2025-64729
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
AVEVA Process Optimization security vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability. This vulnerability arises because authenticated attackers can manipulate the Project Optimization project files and embed code,...
PT-2026-3220
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001192)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001192 advisory. The pcpuembedfirstchunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data...
PT-2026-3196
Name of the Vulnerable Software and Affected Versions Process Optimization affected versions not specified Description An authenticated attacker with standard user privileges can modify Process Optimization project files, insert code, and potentially gain the privileges of a user who interacts wi...
CVE-2024-14021
LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...
CVE-2024-14021 LlamaIndex <= 0.11.6 BGEM3Index Unsafe Deserialization
LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...
CVE-2023-49837
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6...
CVE-2023-50824
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021...
CVE-2025-23807
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jim2212001 Spiderpowa Embed PDF spiderpowa-embed-pdf allows Stored XSS.This issue affects Spiderpowa Embed PDF: from n/a through = 1.0...
CVE-2022-0381
The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and...
CVE-2025-23507
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows Reflected XSS.This issue affects Blrt WP Embed: from n/a through = 1.6.9...
CVE-1999-0876
Buffer overflow in Internet Explorer 4.0 via EMBED tag...
PT-2026-26486
Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...
WordPress YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.7 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin YouTube Embed, Playlist and Popup by WpDevArt versions = 2.6.7...
CVE-2025-68565
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through = 2.1.3...
CVE-2025-68599
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...
EUVD-2025-205236
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...
EUVD-2025-205270
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through = 2.1.3...
CVE-2025-68599
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...