15 matches found
EUVD-2026-31913
Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, user-supplied values in the values...
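A worked illustration of the filter-building mistake described in this entry, added here as an example and not taken from Chatwoot's code: the operator name is allow-listed (which is correct), but the comparison value is spliced into the SQL text, so a "number" of 0 UNION SELECT ... rewrites the query. The schema, table names, sample rows and secret token are constructed for the example, and an in-memory SQLite database stands in for the real PostgreSQL backend.

```python
import sqlite3

# Operator allow-list: this part is done correctly in both variants below.
OPERATORS = {"is_greater_than": ">", "is_less_than": "<"}

# Constructed sample data (hypothetical schema, not Chatwoot's):
# contacts, a key/value table of numeric custom attributes, and an
# unrelated table holding the data an attacker would like to read.
CONTACTS = [(1, "alice"), (2, "bob"), (3, "carol")]
ATTRIBUTES = [(1, "score", "10"), (2, "score", "50"), (3, "score", "90")]
SECRETS = [(1, "api-token-xyz")]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE custom_attributes (contact_id INTEGER, attr TEXT, value TEXT)")
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, token TEXT)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?)", CONTACTS)
    conn.executemany("INSERT INTO custom_attributes VALUES (?, ?, ?)", ATTRIBUTES)
    conn.executemany("INSERT INTO secrets VALUES (?, ?)", SECRETS)
    return conn


def filter_vulnerable(conn, attr, operator, value):
    """Vulnerable: the operator is allow-listed, but attr and value are
    interpolated straight into the SQL string."""
    op = OPERATORS[operator]
    sql = (
        "SELECT c.name FROM contacts c "
        "JOIN custom_attributes a ON a.contact_id = c.id "
        f"WHERE a.attr = '{attr}' AND CAST(a.value AS REAL) {op} {value}"
    )
    return [row[0] for row in conn.execute(sql)]


def filter_safe(conn, attr, operator, value):
    """Hardened: operator still allow-listed; the value is validated as a
    number and both attr and value are passed as bind parameters."""
    op = OPERATORS[operator]
    number = float(value)  # raises ValueError for anything that is not numeric
    sql = (
        "SELECT c.name FROM contacts c "
        "JOIN custom_attributes a ON a.contact_id = c.id "
        f"WHERE a.attr = ? AND CAST(a.value AS REAL) {op} ?"
    )
    return [row[0] for row in conn.execute(sql, (attr, number))]


def demo():
    """Run the same injection payload through both builders.
    Returns (rows leaked by the vulnerable query, whether the safe one refused it)."""
    conn = open_db()
    payload = "0 UNION SELECT token FROM secrets"  # constructed attacker value
    leaked = filter_vulnerable(conn, "score", "is_greater_than", payload)
    try:
        filter_safe(conn, "score", "is_greater_than", payload)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    print(demo())
```

The operator allow-list alone is not a defence: the SQL comparison operator may be chosen from a fixed map, but every user-controlled operand still has to go through a bind parameter (and, for typed attributes, a type check before that).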
PT-2026-33236
Name of the Vulnerable Software and Affected Versions: github.com/gomarkdown/markdown (affected versions not specified). Description: Processing malformed input containing a character anywhere in the remaining text using a SmartypantsRenderer can lead to an out-of-bounds read or a panic. This occurs...
MAL-2025-41681 Malicious code in greater-than (PyPI)
Source: kam193 (9287f16baf24f1b5d14e3cdae0ae58d583bcacfa0a19d78c41fc32b3fdce547c). When imported, the package attempts to exfiltrate environment variables and basic user info. Category: MALICIOUS - The campaign has clearly malicious intent...
PT-2024-16419 · WordPress · Woocommerce Support Ticket System
Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.7 Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validati...
CVE-2024-33030
Qualcomm chipsets with LPLH are affected by CVE-2024-33030. The issue is memory corruption caused by parsing IPC frequency table parameters when the input size is larger than expected. Impact is memory corruption (per the sources), with no public details on affected versions or a patch in the pro...
PT-2024-25809 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts. Description: Command injection in the project is not well filtered, leading to arbitrary file writes and ultimately to remote code execution (RCE). The mirror configuration...
SUSE CVE-2023-24824
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...
SUSE CVE-2018-5773
An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character...
SUSE CVE-2020-11523
libfreerdp/gdi/region.c in FreeRDP versions 1.0 through 2.0.0-rc4 has an Integer Overflow...
CVE-2022-35992 `CHECK` fail in `TensorListFromTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an element_shape of a rank greater than one, it hits a CHECK failure that can be used to trigger a denial of service. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
Cross site scripting
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode transformations (best-fit mapping), as demonstrated by the full-width variants of the less-than sign...
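To make the full-width / best-fit issue in this entry concrete, here is an added example (not Sage's code) of the ordering mistake behind this class of bug: a filter that rejects only the ASCII angle brackets runs before a later step folds the full-width forms U+FF1C and U+FF1E down to ASCII '<' and '>'. Python's NFKC normalization is used here as a stand-in for whatever best-fit conversion the real application applies; the payload and function names are constructed for the example.

```python
import html
import unicodedata

# Full-width angle brackets (U+FF1C, U+FF1E); both fold to ASCII under NFKC.
FULLWIDTH_LT, FULLWIDTH_GT = "\uff1c", "\uff1e"


def ascii_angle_filter(s):
    """Naive blocklist filter: rejects only the ASCII forms of '<' and '>'."""
    if "<" in s or ">" in s:
        raise ValueError("angle bracket rejected")
    return s


def is_rejected(s):
    """True if the naive filter would reject the string."""
    try:
        ascii_angle_filter(s)
        return False
    except ValueError:
        return True


def best_fit(s):
    """Stand-in (assumption) for a best-fit / compatibility conversion that a
    later stage performs, e.g. before writing into a narrow code page."""
    return unicodedata.normalize("NFKC", s)


def render_filter_then_convert(user_input):
    """Vulnerable order: the filter inspects the input before the conversion
    that creates the ASCII brackets, so the markup reappears afterwards."""
    return best_fit(ascii_angle_filter(user_input))


def render_convert_then_escape(user_input):
    """Hardened order: convert first so the check sees the final form, and
    escape for the output context instead of relying on a blocklist."""
    return html.escape(best_fit(user_input))


def build_payload():
    """Constructed payload that contains no ASCII '<' or '>' at all."""
    return f"{FULLWIDTH_LT}img src=x onerror=alert(1){FULLWIDTH_GT}"


if __name__ == "__main__":
    p = build_payload()
    print("filter rejects it:", is_rejected(p))
    print("vulnerable output:", render_filter_then_convert(p))
    print("hardened output:  ", render_convert_then_escape(p))
```

The general rule this illustrates: any canonicalization, normalization or charset conversion must happen before validation, and output encoding (not a character blocklist) is what actually prevents XSS.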
freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later
libfreerdp/core/update.c in FreeRDP versions 1.1 through 2.0.0-rc4 has an Out-of-bounds Read...
DEBIAN-CVE-2017-8812
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject greater than characters via the id attribute of a headline...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) greater-than characters that are optional within a browser's...