KLA91066 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in WebRTC can be exploite...

CVE-2022-33185

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user accoun...

CVE-2008-6567

Multiple cross-site scripting XSS vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via 1 the e-mail address, 2 a comment, which is not properly handled during moderation, and 3 the tag parameter to gallery/tags.php...

CVE-2020-10075

GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input...

EUVD-2012-6433

Malware in sbrugna...

EUVD-2005-0622

Malware in sbrugna...

EUVD-2020-28021

Malware in sbrugna...

EUVD-2024-45722

Malicious code in bioql PyPI...

EUVD-2022-7529

Malicious code in bioql PyPI...

CVE-2020-36564

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...

CVE-2025-30614

CVE-2025-30614 corresponds to a Reflected XSS in the Google Font Fix plugin for WordPress (Google Font Fix). Affected: Google Font Fix versions up to 2.3.1 (from n/a through 2.3.1). Root cause: improper neutralization of input during web page generation. Impact: Cross-site scripting exposure; use...

CVE-2025-27787

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service DoS in restart.py. modelname in train.py takes user input, and passes it to the stoptrain function in restart.py, which uses it construct a path to a folder with config.json. That config.json is...

Using Valgrind on Chrome

Brief script that demonstrates running valgrind and afl-fuzz on Google Chrome. This favorite code for security auditing and memory leak detection with Valgrind runs the Valgrind tool and several other tools to check for memory leaks, which can lead to resource buffer overflows and more. Exploit /...

CVE-2024-26151

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

PT-2023-22784 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query connected databases. User input from the db name and tb name parameter values in the...

CVE-2016-2350

Multiple cross-site scripting XSS vulnerabilities on the Accellion File Transfer Appliance FTA before FTA91240 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 getimageajax.php, 2 movepartitionframe.html, or 3 wmInfo.html...

Virtual Hosting Control System 2.2/2.4 change_password.php Current Password Weakness

No description provided by source. source: http://www.securityfocus.com/bid/16600/info Virtual Hosting Control System VHCS is prone to multiple input and access vulnerabilities. VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be...

CVE-2010-3882

Multiple cross-site scripting XSS vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the 1 Add Pages, 2 Add Global Content, 3 Edit Global Content, 4 Add Article, 5 Add Category, 6 Add Field Definition, or 7 Add Shortcut...

CVE-2010-3882

Multiple cross-site scripting XSS vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the 1 Add Pages, 2 Add Global Content, 3 Edit Global Content, 4 Add Article, 5 Add Category, 6 Add Field Definition, or 7 Add Shortcut...

Virtual Hosting Control System 2.22.4 - change_password.php Current Password

Virtual Hosting Control System 2.22.4 - changepassword.php Current Password source: https://www.securityfocus.com/bid/16600/info Virtual Hosting Control System VHCS is prone to multiple input and access vulnerabilities. VHCS is prone to an HTML-injection vulnerability and an authentication-bypass...