3782 matches found
arm-64-exploit-demo
ARM64 Buffer Overflow Exploit Demo A from-scratch demonstrati...
liquidjs has a Denial of Service via circular block reference in layout
Summary A circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript heap out of memory. This allows any user who can submit a Liquid template to perform a Denial of Service...
GHSA-4RC3-7J7W-M548 liquidjs has a Denial of Service via circular block reference in layout
Summary A circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript heap out of memory. This allows any user who can submit a Liquid template to perform a Denial of Service...
PT-2026-35030
Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.7 Description A circular block reference within % layout % and % block % tags can trigger an infinite recursive loop. This occurs in the getBlockRender function within src/tags/block.ts during OUTPUT mode; when...
PT-2026-34814
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013719)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013719 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proclayoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client shou...
CLSA-2026-1776762459 harfbuzz: Fix of CVE-2023-25193
CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh...
CVE-2026-6703
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
CVE-2026-6703 Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
EUVD-2026-24069
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
CVE-2026-6703
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
CVE-2026-6703 Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
PT-2026-33919
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011395)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011395 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proclayoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client shou...
firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Layout: Text and Fonts component...
firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Layout: Text and Fonts component...
Apache Log4net: Silent Log Event Loss In XmlLayout And XmlLayoutSchemaLog4J Due To Unescaped XML 1.0 Forbidden Character
Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...
CLSA-2026-1776443255 libxslt: Fix of CVE-2023-40403
CVE-2023-40403: make generate-id deterministic to prevent memory layout leak...
CVE-2026-6486
A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...
CVE-2026-6486 classroombookings User Display Name layout.php read cross site scripting
A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...