CVE-2026-25805
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show which parameters a tool is being invoked with when asking for permission. Nor does it show, after the tool has been invoked, which parameters were used. Thus, unwanted or even malicious values could be used withou...
AZL-72299 CVE-2025-14512 affecting package glib for versions less than 2.71.0-9
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values...
EUVD-2020-22824
Malware in sbrugna...
EUVD-2019-9169
Malware in sbrugna...
Mahara Security Vulnerability
Mahara is a free open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 23.04.8 and 24.04.4, which stems from an external RSS feed link attribute containing malicious values that could lead to a cross-site scripting attack...
Cross site scripting
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...
CVE-2023-20037
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...
CVE-2020-35132
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php...
DEBIAN-CVE-2020-35132
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php...
Unspecified Vulnerability in Mozilla Firefox ESR (CNVD-2020-26231)
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. An unspecified vulnerability exists in Mozilla Firefox ESR. An attacker can exploit the vulnerability by overriding a user's preferences with malicious preference values to...
Denial Of Service (DoS)
uap-core is vulnerable to denial of service. A remote attacker is able to crash the application through excess resource consumption due to overlapping capture groups, by passing malicious values within the User-Agent header in an HTTP request for parsing...
Arbitrary Code Execution
JOAL is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code by submitting malicious values to multiple parameters...
Denial Of Service (DoS)
libspice.so is vulnerable to denial of service. The vulnerability is possible because the function memslot_get_virt lacks the proper boundary checking for slot_id array in memslot.c, which is calculated using a QXLPHYSICAL address set by the guest QXL driver, thereby allowing an attacker to input...
Cross site scripting
sanitize-html is a library for scrubbing HTML input for malicious values. Versions 1.2.2 and below have a cross-site scripting vulnerability...
CVE-2017-16017
The CVE-2017-16017 entry concerns the sanitize-html library where versions 1.2.2 and earlier are vulnerable to cross-site scripting (XSS). The root cause is inadequate sanitization allowing attacker-controlled HTML/input to induce XSS, as documented in multiple sources (e.g., OSV GHSA entry and n...
Adobe Flash Player ActionScript Atom Value Memory Corruption (APSB11-02; CVE-2011-0574)
The Adobe Flash Player is a multimedia and application player that renders Shockwave Flash (SWF) files. A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient type checking by the Adobe Flash Player. A remote attacker may exploit this iss...