Moderate: vim security update
Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Command injection allows arbitrary code execution via malicious tag files (CVE-2026-41411). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...
Lightweight Music Server 3.76.0 Cross Site Scripting
Lightweight Music Server version 3.76.0 suffers from a persistent cross site scripting vulnerability. LMS stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding. An attacker who gets a file...
CVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...
DEBIAN-CVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...
CVE-2026-24476 Shaarli vulnerable to stored XSS via Suggested Tags
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...
CVE-2023-28358
A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled, possibly leading to attacks such as account takeover...
Telegram Buffer Error Vulnerability
Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived VGradientCache::generateGradientColorTable function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior t...
Telegram Buffer Error Vulnerability
Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived function LOTGradient::populate of the rlottie library in Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can...
Arbitrary Code Execution
vim is vulnerable to arbitrary code execution. When Vim looked up a maliciously crafted tag or keyword in a document, it was possible to execute arbitrary code as the user running Vim...
DEDECMS member center code submit defects can getshell
Preface: DEDECMS has released a lot of patches this year; the present article selects the 20170315 patch for learning and research. Body: Download the DEDECMS 20170315 patch from the official website and compare it using a diff tool: See the red part, the servermsg1 variables appearing in dede...
vBulletin Advanced User Tagging Mod - Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability Google Dork: intext:usertagpro Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...