EUVD-2026-32078

The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes 'title', 'align', and 'width' in the tuxquotebuildforma...

PT-2026-39551

A flaw has been found in Squirrel up to 3.2. Impacted is the function validate format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackEOSImageFormat and ptpunpackEOSCustomFuncEx functions due to missing length validation for input buffers. An attacker can cause the application to read out-of-bounds memory by supplying crafted data to...

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

CVE-2026-21712

CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1 . The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

CVE-2025-31480 aiven-extras allows PostgreSQL Privilege Escalation through format function

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...

aiven-extras 代码问题漏洞

aiven-extras is an aiven open source tool that enables non-super users to access certain database functions. A code issue vulnerability exists in aiven-extras versions prior to 1.1.15, which stems from a format function that does not use a schema prefix, and could lead to elevated privileges...

Information Disclosure

yaql is vulnerable to Information Disclosure. The vulnerability is due to improper handling of attribute access in the YAQL library's 'format' function, allowing unauthorized users to access sensitive information, including service account credentials...

PT-2024-18920 · Unknown · Web3-Utils

Name of the Vulnerable Software and Affected Versions: web3-utils versions prior to 4.2.1 Description: The issue concerns Prototype Pollution via the utility functions format and mergeDeep due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to th...

Prototype Pollution

Overview web3-utils is a Collection of utility functions used in web3.js. Affected versions of this package are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading ...

CVE-2023-41050 Information disclosure through Python's "format" functionality in Zope AccessControl

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...

CVE-2023-31708

A Cross-Site Request Forgery CSRF in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function...

SUSE CVE-2020-36403

HTSlib through 1.10.2 allows out-of-bounds write access in vcfparseformat called from vcfparse and vcfread...

UBUNTU-CVE-2016-10745

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape...

PYSEC-2019-18

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

PYSEC-2019-18

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

PT-2019-4623 · Django +2 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions 1.11.x through 1.11.18 Django versions 2.0.x through 2.0.10 Django versions 2.1.x through 2.1.5 Description: The issue is related to uncontrolled memory consumption, which can lead to a complete depletion of resources,...

PT-2016-3271 · Xmlsoft +5 · Libxml2 +5

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.4 Description: The issue is related to a format string vulnerability in the libxml2 library. This vulnerability may allow attackers to have an unspecified impact through format string specifiers in unknown vector...

UBUNTU-CVE-2016-2559

Cross-site scripting XSS vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...