CVE-2025-13847

The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-13847

The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting software, and one in Trufflehog. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco 's...

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

EUVD-2025-36500

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53855

The CVE-2025-53855 entry refers to an out-of-bounds write in the XML parser of GCC Productions Inc. Fade In 4.2.0. Talos confirms a vulnerability in Fade In’s XML parsing logic where the software can access memory via a missing/negated index, causing an out-of-bounds write and memory corruption. ...

CVE-2025-53814

CVE-2025-53814 affects GCC Productions Inc. Fade In 4.2.0. Cisco Talos details a use-after-free in Fade In's XML parser that can lead to heap-based memory corruption when processing a crafted .xml file. The TALOS-2025-2252 advisory confirms a heap corruption path via the XML parsing logic, with e...

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

EUVD-2025-36501

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

PT-2025-44157

Name of the Vulnerable Software and Affected Versions GCC Productions Inc. Fade In version 4.2.0 Description A use-after-free issue exists in the XML parser functionality. Providing a specially crafted .xml file can lead to heap-based memory corruption. An attacker can trigger this by supplying a...

GCC Productions Fade In 缓冲区错误漏洞

GCC Productions Fade In is a professional script writing software from GCC Productions, Inc. A buffer error vulnerability exists in GCC Productions Fade In version 4.2.0, which stems from an out-of-bounds write to the XML parser function that can be triggered by an attacker via a specially crafte...

GCC Productions Fade In 资源管理错误漏洞

GCC Productions Fade In is a professional scriptwriting software from GCC Productions, Inc. A resource management error vulnerability exists in GCC Productions Fade In version 4.2.0, which stems from a post-release reuse issue in the XML parsing functionality that could lead to heap-based memory...

PT-2025-44158

Name of the Vulnerable Software and Affected Versions GCC Productions Inc. Fade In version 4.2.0 Description An out-of-bounds write issue exists in the XML parser functionality. A specially crafted .fadein file can trigger this issue, potentially allowing an attacker to provide a malicious file a...