17 matches found
CVE-2026-20429
CVE-2026-20429 concerns a vulnerability in the device display subsystem where a missing bounds check can cause an out-of-bounds read. This may lead to local information disclosure if an attacker already has System privilege, with no user interaction required for exploitation. The connected docume...
CVE-2026-25896
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...
fast-xml-parser Security Vulnerability
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. Fast-xml-parser versions 5.3.5 and earlier contain security vulnerabilities. These vulnerabiliti...
CVE-2025-27005
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS. This issue affects HTML5 Video Player: from n/a through = 5.3.5...
CVE-2025-32123
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS. This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through =...
CVE-2025-27005
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS. This issue affects HTML5 Video Player: from n/a through = 5.3.5...
WordPress plugin lbg-vp2-html5-rightside has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2023-53567
In the Linux kernel, the following vulnerability has been resolved: spi: qup: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. This is never retried later and so this is a...
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters...
CVE-2025-3569
Affected software: JamesZBL/code-projects db-hospital-drug 1.0. The vulnerability resides in ShiroConfig.java and involves improper authorization. Exploitation is described as possible remotely; the exploit has been publicly disclosed. Documented impact is limited to authorization control, with n...
VulnCheck KEV: CVE-2024-33553
Deserialization of Untrusted Data vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.5...
GHSA-8H4X-XVJP-VF99 Hazelcast Platform permission checking in CSV File Source connector
Impact: In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. Patches: Fix...
WideStand CMS Cross-Site Scripting Vulnerability
WideStand CMS is a content management system from WideStand, Inc. A cross-site scripting vulnerability exists in WideStand CMS versions prior to 5.3.5 that stems from the direct use of the query's URL content to generate one of the meta tags, which would allow an attacker to inject HTML/Javascrip...
Fortinet FortiPortal Code Issue Vulnerability
Fortinet FortiPortal is a hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal is vulnerable in versions 6.0.0 to 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2...
PT-2019-5458 · Lua +9
Name of the Vulnerable Software and Affected Versions: Lua version 5.3.5. Description: The issue is related to a use-after-free in the lua_upvaluejoin function in lapi.c, which can be exploited by an attacker to cause a crash. This can be achieved by triggering a debug.upvaluejoin call with specif...
3CX Phone System Directory Traversal Vulnerability
3CX Phone System is a unified communications solution that includes web conferencing, IP telephony, and cell phone clients. Management Console is one of the management console programs. A directory traversal vulnerability exists in Management Console in 3CX Phone System version 15.5.3554.1. An...
IBM Security Access Manager for Web Multicast DNS Information Disclosure Vulnerability
IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a suite of IBM products for user authentication, authorization, and Web single sign-on solutions that provide user access management and Web application protection functions. An information...