37 matches found
Apple macOS Integer Overflow Vulnerability
Apple macOS is a specialized operating system developed by Apple for Mac computers. An integer overflow vulnerability exists in Apple macOS, which can be exploited by an attacker to cause heap corruption when processing malicious strings...
CVE-2026-20639
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead to heap corruption...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple for Mac computers. An integer overflow vulnerability exists in Apple macOS, which can be exploited by an attacker to cause heap corruption when processing malicious strings...
EUVD-2021-15751
Malware in sbrugna...
EUVD-2022-40783
Malicious code in bioql PyPI...
EUVD-2022-40785
Malicious code in bioql PyPI...
CVE-2025-43353
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. Processing a maliciously crafted string may lead to heap corruption...
Regular Expression Denial Of Service (ReDoS)
terminal-kit is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used in multiple functions of the library, allowing an attacker to crash the application by providing a malicious strings such as '^'.repeatbigNumber...
Cross site scripting
A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...
Cross site scripting
A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2022-38192 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.
A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...
Esri Portal for ArcGIS 跨站脚本漏洞
Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal for ArcGIS, which stems from a stored cross-site scripting XSS vulnerability...
CVE-2022-38190
A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2021-29116 BUG-000142180 Hosted feature services vulnerable to stored XSS
A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 only feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...
CVE-2021-29110
Stored cross-site scripting XSS issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application...
CVE-2021-29110
Stored cross-site scripting XSS issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application...
Cross site scripting
Stored cross-site scripting XSS issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application...
CVE-2021-29110 Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.
Stored cross-site scripting XSS issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application...
CVE-2021-29110 Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.
Stored cross-site scripting XSS issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application...
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...