59 matches found
Cross-site Scripting (XSS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the transformError function. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content that is not...
CVE-2025-11970
The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...
EUVD-2018-17580
Malware in sbrugna...
EUVD-2022-41112
Malicious code in bioql PyPI...
EUVD-2024-3609
Malicious code in bioql PyPI...
An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
...
CVE-2021-32298
An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function IFFerrorId located in error.c. It allows an attacker to cause code execution...
PT-2025-18088 · Unknown · Thecartpress
Name of the Vulnerable Software and Affected Versions: TheCartPress boot-store versions 1.6.4 Description: The issue allows for XSS in the header.php file through the tcp register error function. It is noted that this issue is not related to any Oracle product. Recommendations: For version 1.6.4,...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the lack of proper sanitization of the $msg parameter in the Error function. An attacker who can inject a script into a parameter that is passed out in the text of an error message - such as a font name - c...
TCPDF missing character escape on error messages
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
UBUNTU-CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
PT-2024-36832 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...
CVE-2024-56527
CVE-2024-56527 affects the TCPDF PHP class. The issue is in the Error() function, which lacks an htmlspecialchars escape for the error message. This is a code-level input handling flaw in TCPDF prior to 6.8.0. Connected advisories from Debian (DLA-4199/DSA-5933) show multiple TCPDF CVEs, includin...
OESA-2024-2113 jbig2dec security update
jbig2dec is a decoder implementation of the JBIG2 image compression format. Security Fixes: Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2error at /jbig2dec/jbig2.c. CVE-2023-46361...
PT-2024-40774 · Glslang · Glslang
Name of the Vulnerable Software and Affected Versions: glslang affected versions not specified Description: The issue is related to a crash in the glslang software, specifically in the glslang::TInfoSinkBase::location, glslang::TParseContextBase::outputMessage, and glslang::TParseContextBase::err...
GoBGP security vulnerability
GoBGP is an open source Border Gateway Protocol (BGP) implementation from osrg. A security vulnerability exists in gobgp. A remote attacker could exploit this vulnerability to cause a denial of service via the HandlingError function in pkg/server/fsm.go...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a security flaw in PTRERR...
CVE-2023-31974
yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...
PT-2023-23549 · Yasm +1 · Yasm +1
Name of the Vulnerable Software and Affected Versions: yasm version 1.3.0 Description: The issue is related to a use after free via the function error at /nasm/nasm-pp.c. Note that multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...
CVE-2023-31974
CVE-2023-31974 concerns yasm v1.3.0 with a use-after-free in the error handling path (/nasm/nasm-pp.c). The vulnerability status is disputed by third parties as per the description, but connected documents consistently identify a use-after-free issue that could affect local exploitation with high...