Lucene search

22 matches found

RedhatCVE
added 2026/06/05 7:23 p.m., 9 views

CVE-2026-35451

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 0, References: 1
EUVD
added 2026/04/21 4:22 p.m., 4 views

EUVD-2026-24161

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7 CVSS, 6.1 AI score, 0.00244 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/02/04 10:28 p.m., 2 views

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

9.3 CVSS, 5.3 AI score, 0.00338 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-29034

Malware in sbrugna...

5.3 CVSS, 5.4 AI score, 0.00716 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-1175

Malicious code in bioql PyPI...

4.8 CVSS, 5.3 AI score, 0.00359 EPSS
Exploits: 0, References: 6
BDU FSTEC
added 2024/11/14 12:0 a.m., 4 views

The vulnerability of the evlReadFile function in the SysFunction.cpp module of the “Red Database” database management system allows a hacker to gain access to read files with tabular data structures.

The vulnerability of the evlReadFile function in the SysFunction.cpp module of the “Red Database” database management system is related to the mechanism for accessing file blocks, which is configured in the directories.conf configuration file. Exploiting this vulnerability allows a remote attacke...

6.3 CVSS, 5.5 AI score
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/07/12 1:55 p.m., 18 views

SUSE-SU-2024:2463-1 Security update for squashfs

This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...

8.1 CVSS, 7.7 AI score, 0.0691 EPSS
Exploits: 2, References: 8
Veracode
added 2024/04/04 5:7 a.m., 12 views

Cross Site Scripting

concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). This vulnerability is due to a lack of input sanitization, allowing a rogue administrator to insert malicious code into the link-text field when creating a file block...

4.8 CVSS, 6.7 AI score, 0.00359 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2019/01/29 8:29 a.m., 3 views

UBUNTU-CVE-2019-7156

In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero...

6.5 CVSS, 5.8 AI score, 0.01342 EPSS
Exploits: 1, References: 3
CERT
added 2017/04/10 12:0 a.m., 3330 views

Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

Overview: Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type, which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Description: Microsoft OLE uses the URL Moniker to process remotely-linked content in ...

9.3 CVSS, 8.4 AI score, 0.99933 EPSS
Exploits: 29, References: 7
Kaspersky
added 2016/04/12 12:0 a.m., 72 views

KLA10785 Code execution vulnerability in Microsoft Office

Multiple unspecified vulnerabilities were found in Microsoft Office. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via specially designed content. Technical details: You can mitigate this vulnerability via using Microsoft...

9.3 CVSS, 8.5 AI score, 0.43272 EPSS
Exploits: 5, References: 37
RedHat Linux
added 2014/12/02 11:42 p.m., 2 views

Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content...

6.8 CVSS, 7.5 AI score, 0.04052 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2014/12/02 10:45 p.m., 8 views

Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content...

6.8 CVSS, 7.5 AI score, 0.04052 EPSS
Exploits: 0, References: 5
seebug.org
added 2014/03/25 12:0 a.m., 82 views

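Microsoft Word RTF File Parsing Error Code Execution Vulnerability

CVE ID: CVE-2014-1761 Microsoft Word is a word-processing application from Microsoft. An error in how Microsoft Word parses malformed RTF data causes memory corruption, allowing an attacker to execute arbitrary code. When a user opens a malicious RTF file with an affected version of Microsoft Word, or previews or opens a malicious RTF email message while Microsoft Word is the Email Viewer for Microsoft Outlook, an attacker may successfully exploit this vulnerability and gain the privileges of the current user. Note that the default Email Viewer in Microsoft Outlook 2007/2010/2013 is Microso...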

9.3 CVSS, 7.9 AI score, 0.77734 EPSS
Exploits: 10
seebug.org
added 2012/12/13 12:0 a.m., 46 views

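Microsoft Word RTF File 'listoverridecount' Remote Code Execution Vulnerability (MS12-079)

BUGTRAQ ID: 56834 CVECAN ID: CVE-2012-2539 Microsoft Word is Microsoft's word-processing application, part of its office software. Microsoft Word has a vulnerability when parsing RTF (Rich Text Format) data related to listoverridecount. By enticing a user to browse a malicious website or open a specially formatted RTF file in an e-mail, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the current user. 0 Microsoft Office 2003 Professional Edition Microsoft Office Word Viewer...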

9.3 CVSS, 1.8 AI score, 0.53159 EPSS
Exploits: 1
seebug.org
added 2012/12/13 12:0 a.m., 34 views

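Microsoft DirectX DirectPlay Heap Overflow Arbitrary Code Execution Vulnerability (MS12-082)

BUGTRAQ ID: 56839 CVECAN ID: CVE-2012-1537 DirectX is a multimedia system library for the Windows operating system. The DirectPlay component of Microsoft DirectX contains an implementation error; by enticing a user to open a specially crafted file, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the current user. 0 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows XP Professional Microsoft Windows XP Home Edition Microsoft Windows Vista...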

9.3 CVSS, 6.9 AI score, 0.22568 EPSS
Exploits: 1
seebug.org
added 2011/12/15 12:0 a.m., 28 views

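Microsoft Excel Remote Code Execution Vulnerability (MS11-096)

BUGTRAQ ID: 50954 CVE ID: CVE-2011-3403 Excel is a component of Microsoft's office suite Microsoft Office, a spreadsheet program written by Microsoft for computers running the Windows and Apple Macintosh operating systems. Excel has a remote code execution vulnerability in how it handles specially crafted Excel files; successful exploitation allows an attacker to execute arbitrary code with the privileges of the current user. Microsoft Excel 2003 SP3 Microsoft Office 2004 for Mac 0 Workaround: In Excel 2003, configure Office File Validation to block opening files that fail validation....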

9.3 CVSS, 6.8 AI score, 0.20786 EPSS
Exploits: 1
seebug.org
added 2011/04/15 12:0 a.m., 56 views

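Microsoft Excel Office Art Remote Code Execution Vulnerability (MS11-021)

BUGTRAQ ID: 47226 CVE ID: CVE-2011-0979 Microsoft Excel is a spreadsheet program written by Microsoft for computers running the Windows and Apple Macintosh operating systems. Microsoft Excel contains a buffer overflow vulnerability in its implementation that a remote attacker can exploit to execute arbitrary code with the privileges of the current user, causing a denial of service. A remote code execution vulnerability exists in the way Microsoft Office Excel handles specially crafted Excel files; an attacker who successfully exploits it can take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights Microsoft...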

9.3 CVSS, 6.8 AI score, 0.26523 EPSS
Exploits: 1
ThreatPost
added 2009/04/02 11:35 p.m., 71 views

Microsoft issues PowerPoint zero-day warning

Microsoft has issued an advisory to warn about an under-attack zero-day vulnerability affecting its PowerPoint software. According to the pre-patch advisory, the flaw allows remote code execution if a user opens a booby-trapped PowerPoint file. The company described the attacks as “limited and...

9.3 CVSS, 1.3 AI score, 0.99945 EPSS
Exploits: 33, References: 3
ThreatPost
added 2009/02/25 4:1 p.m., 14 views

Trojan exploiting Excel zero-day flaw

Reports have been circulating in the last couple of days about an unpatched vulnerability in Microsoft Excel, and the software giant has now confirmed the problem. The flaw allows attackers to run code on remote machines if they can entice a user into opening a malicious Excel file. Some security...

2.8 AI score
Exploits: 0, References: 2