
21 matches found

GitHub Security Blog
added 2026/04/06 6:33 p.m., 5 views

Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters...

5.4 CVSS, 6 AI score, 0.00029 EPSS
Exploits 1, References 4, Affected Software 1

Cvelist
added 2026/04/06 12:0 a.m., 24 views

CVE-2026-31354

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters...

0.00029 EPSS
Exploits 1, References 2

Cvelist
added 2026/03/24 6:26 p.m., 14 views

CVE-2026-33539 Parse Server: SQL injection via aggregate and distinct field names in PostgreSQL adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.59 and 9.6.0-alpha.53, an attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name...

8.6 CVSS, 0.00024 EPSS
Exploits 0, References 5

EUVD
added 2026/03/21 3:33 p.m., 2 views

EUVD-2019-19876

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash...

6.8 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits 1, References 5

NVD
added 2026/03/21 1:16 p.m., 2 views

CVE-2019-25564

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash...

6.8 CVSS, 0.00024 EPSS
Exploits 1, References 4

CVE
added 2026/03/21 12:47 p.m., 2 views

CVE-2019-25564

Summary: CVE-2019-25564 affects PCHelpWareV2 1.0.0.5. The vulnerability is a local, denial-of-service issue triggered by an excessively long string in the Group field, where a buffer overflow payload can be pasted into the Group property and cause the application to crash. The connected records ...

6.8 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits 1, References 4, Affected Software 1

ATTACKERKB
added 2026/03/21 12:47 p.m., 2 views

CVE-2019-25564

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash...

6.8 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits 1, References 4, Affected Software 1

Vulnrichment
added 2026/03/21 12:47 p.m., 1 views

CVE-2019-25564 PCHelpWareV2 1.0.0.5 Denial of Service via Group Field

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash...

6.8 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits 1, References 4

Cvelist
added 2026/03/21 12:47 p.m., 25 views

CVE-2019-25564 PCHelpWareV2 1.0.0.5 Denial of Service via Group Field

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash...

6.8 CVSS, 0.00024 EPSS
Exploits 1, References 4

Positive Technologies
added 2026/03/21 12:0 a.m., 1 views

PT-2026-26909

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash...

6.8 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits 1, References 5

CNNVD
added 2026/03/21 12:0 a.m., 2 views

UltraVNC PCHelpWareV2 buffer error vulnerability

UltraVNC PCHelpWareV2 is a remote control tool developed by the UltraVNC company. Version 1.0.0.5 of UltraVNC PCHelpWareV2 contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the Group field, which could allow local attackers to cause the application to crash...

6.8 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits 1, References 4

CNNVD
added 2025/06/18 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference due to vdpasimblk not initializing the nas and ngroups fields...

5.5 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits 0, References 3

SUSE CVE
added 2024/12/19 4:17 a.m., 1 views

SUSE CVE-2024-29646

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields...

9.8 CVSS, 8 AI score, 0.00821 EPSS
Exploits 0, References 3

OSV
added 2024/12/17 10:15 p.m., 1 views

UBUNTU-CVE-2024-29646

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields...

9.8 CVSS, 6.2 AI score, 0.00821 EPSS
Exploits 0, References 8

CNNVD
added 2024/12/17 12:0 a.m., 3 views

Radare2 security vulnerability

radare2 is a set of libraries and tools for working with binaries from the radare open source. ws is a Node.js WebSocket library from the WebSockets open source. A security vulnerability exists in Radare2 version v.5.8.8, which stems from a buffer overflow that could allow an attacker to execute...

9.8 CVSS, 6.4 AI score, 0.00821 EPSS
Exploits 0, References 6

OSV
added 2022/06/21 1:15 p.m., 1 views

CVE-2022-31302

maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field...

5.4 CVSS, 6 AI score, 0.00191 EPSS
Exploits 1, References 1

ATTACKERKB
added 2022/06/21 1:15 p.m., 1 views

CVE-2022-31303

maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field...

5.4 CVSS, 5.9 AI score, 0.00191 EPSS
Exploits 1, References 2

ATTACKERKB
added 2022/06/21 1:15 p.m., 1 views

CVE-2022-31302

maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field...

5.4 CVSS, 5.9 AI score, 0.00191 EPSS
Exploits 1, References 2

seebug.org
added 2014/07/01 12:0 a.m., 14 views

MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/5586/info The Microsoft Word and Excel INCLUDETEXT Field Code may be used to insert an arbitrary local file into a document. The INCLUDETEXT Field Code is reported to, under some circumstances, present a security threat. ...

7.1 AI score
Exploits 0

Prion
added 2014/03/14 4:55 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin...

2.1 CVSS, 5.7 AI score, 0.00224 EPSS
Exploits 0, References 1, Affected Software 1