63 matches found
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the FTXT encoder when parsing the ftxt:format parameter. An attacker can cause a denial of service by supplying a specially crafted input file that triggers an out-of-bounds read. Remediation A fix was pushed into...
Out-of-bounds Read
Overview Magick.NET-Q8-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Out-of-bounds Read
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Out-of-bounds Read
Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Out-of-bounds Read
Overview Magick.NET-Q16-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview openchatbi is OpenChatBI, natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the fileformat parameter in the savereport tool. An...
CVE-2025-68643
Axigen Mail Server prior to 10.5.57 is affected by a stored XSS in the timeFormat account preference. The vulnerability allows an attacker to inject a malicious JavaScript payload into timeFormat, which is later loaded from storage and inserted into the DOM when the WebMail interface is accessed,...
WordPress plugin LinkedIn SC cross-site scripting vulnerability
WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...
CVE-2022-37240
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...
EUVD-2007-0092
Malware in sbrugna...
EUVD-2006-6652
Malware in sbrugna...
EUVD-2008-1391
Malware in sbrugna...
EUVD-2006-4539
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-3769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via format parameter. (CVE-2018-3769) Note that Nessus relies on the presence of the...
PT-2024-40636 · Git +1 · Checker-Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the org.checkerframework.checker.formatter.util.FormatUtil.formatParameterCategories function, as part...
PT-2024-40617 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A heap-buffer-overflow READ 6 crash has been reported. The crash involves the functions extract fmtp, parse sdp session, and parse mixed content...
CVE-2024-28739
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...
PT-2024-22550 · Koha Ils · Koha Ils
Name of the Vulnerable Software and Affected Versions: Koha ILS versions 23.05 and earlier Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Recommendations: For versions 23.05 and earlier, update to a version that contains a f...
SUSE CVE-2014-0081
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units...