Exploit for CVE-2026-45659

CVE-2026-45659 SharePoint Deserialization RCE Overview E...

Astra Linux – Vulnerability in Firefox and Thunderbird

Firefox incorrectly treated an inline list-item element as a block element, resulting in out-of-bounds reading or memory corruption, as well as a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

CVE-2026-5328

A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing...

CVE-2026-5328

A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing...

CVE-2026-5328

CVE-2026-5328 affects shsuishang modulithshop, specifically the ProductItemDao/ProductIndexServiceImpl.java listItem function. The vulnerability arises from manipulating the sidx/sort parameter, enabling SQL injection via remote input. A patch identified as 42bcb9463425d1be906c3b290cf29885eb5a232...

CVE-2026-5328 shsuishang modulithshop ProductItemDao ProductIndexServiceImpl.java listItem sql injection

A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing...

JLSEC-2025-243 list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value,...

listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...

EUVD-2021-16447

Malware in sbrugna...

EUVD-2021-8237

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-29988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitab...

CLSA-2025-1754338412 libarchive: Fix of CVE-2025-25724

CVE-2025-25724: fix crash in listitemverbose on invalid time...

Astra Linux - уязвимость в libarchive

listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...

The vulnerability of the list_item_verbose() function in the Libarchive library allows a hacker to execute arbitrary code on the target system.

The vulnerability of the listitemverbose function in the Libarchive library is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...

Malicious code in @sporta-technology/d11-web-components.list-item.list-item-dropdown (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in @sporta-technology/d11-web-components.list-item.list-item (npm)

--- -= Per source details. Do not edit below this line.=-...

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2025-25724: Fixed buffer overflow vulnerability in function listitemverbose in tar/util.c bsc1238610. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVE-2024-56175

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...

PT-2024-37768 · WordPress · Mdx Theme

Name of the Vulnerable Software and Affected Versions: MDx theme for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mdx list item' shortcode due to insufficient input sanitization and output escaping on user-suppli...

OESA-2024-1893 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory...

Malicious code in uitk-react-action-list-item (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c5ae6c09c0106f49a13c2a2b42ec5ae87f855fce905b95188d6645f263a17bf8 The OpenSSF Package Analysis project identified 'uitk-react-action-list-item' @ 99.99.1 npm as malicious. It is considered malicious because: -...