19 matches found
phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...
GHSA-H36G-93QX-RXGR phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...
CVE-2026-46363 phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...
PT-2026-40540
Name of the Vulnerable Software and Affected Versions: protobufjs versions prior to 7.5.6; protobufjs versions prior to 8.0.2. Description: protobufjs generates JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped befor...
Remote Code Execution (RCE)
Parse is vulnerable to remote code execution (RCE). The vulnerability is due to improper handling of malicious payloads in several methods including ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, and internal encode/decode functions, which allows an attacker to inject data tha...
Malicious code in url-encode-decode (npm)
Source: amazon-inspector (37ce07aaa237eff3cc95c7bb560f4096191d2d5328de45f176f3f8662ca7cd34). The package url-encode-decode was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190940 Malicious code in url-encode-decode (npm)
Source: amazon-inspector (37ce07aaa237eff3cc95c7bb560f4096191d2d5328de45f176f3f8662ca7cd34). The package url-encode-decode was found to contain malicious code. Source: ghsa-malware...
123cli-guessing-game (=1.0.0), @slatwall/cra-template-ultra-commerce-storefront (>=0.2.0 <=0.3.3) +5 more potentially affected by unknown CVE via url-encode-decode (=1.0.0)
url-encode-decode NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on url-encode-decode and may be impacted: - 123cli-guessing-game =1.0.0 - @slatwall/cra-template-ultra-commerce-storefront =0.2.0, =0.6.0, =1.0.0, =1.0.1, =0.1.0, =0.3.2...
123cli-guessing-game (=1.0.0), @slatwall/cra-template-ultra-commerce-storefront (>=0.2.0 <=0.3.3) +5 more potentially affected by unknown CVE via url-encode-decode (=1.0.0)
url-encode-decode NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on url-encode-decode and may be impacted: - 123cli-guessing-game =1.0.0 - @slatwall/cra-template-ultra-commerce-storefront =0.2.0, =0.6.0, =1.0.0, =1.0.1, =0.1.0, =0.3.2...
CVE-2025-62374
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of a malicious payload allows an attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Summary: Prototype pollution capabilities on various APIs. Details: Injection of a malicious payload allows an attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically: - ParseObject.fromJSON - ParseObject.pin - ParseObject.registerSubclass -...
ghostscript: buffer overflow in base/sbcp.c leading to data corruption
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
ghostscript: buffer overflow in base/sbcp.c leading to data corruption
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
CVE-2023-46135
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. innerpayloadlen should not be above 64. This vulnerability has been patched in version 0.0.8...
CVE-2023-46135 Panic in SignedPayload::from_payload
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. innerpayloadlen should not be above 64. This vulnerability has been patched in version 0.0.8...
DEBIAN-CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup: Decoder++ can be installed either by using pip or by pulling the source from this repository. Install using pip: `pip3 install decoder-plus-plus`. Overview: This section provides...
Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)
/ ; NOT-Encoder.py ; Author: Daniele Votta ; Description: This program encode shellcode with NOT technique. ; Tested on: i686 GNU/Linux ; Shellcode Length:25 !/usr/bin/python Python NOT Encoder Execve /bin/sh shellcode...
XSS'OR - Hack with JavaScript
XSS'OR is a free online tool for hacking with JavaScript. It contains three major modules: 1. Encode/Decode The Encode/Decode module, including: front-end encryption and decryption; code compression, decompression, beautification, the implementation of testing; character set conversion, hash...