
23 matches found

CVE
added 2026/05/28 3:26 p.m. | 12 views

CVE-2026-47676

Summary: In Hono, prior to 4.12.21, app.mount() strips the mount prefix from the raw URL pathname while route matching uses the percent-decoded path. This mismatch can cause the prefix to be stripped at the wrong position for percent-encoded multi-byte characters, causing the mounted sub-applicat...

CVSS 5.3 | AI score 5.8 | EPSS 0.00067
Exploits 0 | References 1 | Affected Software 1
Ubuntu
added 2022/06/06 3:50 p.m. | 375 views

USN-5460-1: Vim vulnerabilities

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554) It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs...

CVSS 8.8 | AI score 7.7 | EPSS 0.02861
Exploits 10
OSV
added 2022/05/14 1:57 a.m. | 41 views

GHSA-M3X6-9V6H-4G28 Cross-site Scripting in Apache Struts

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

CVSS 6.1 | AI score 6 | EPSS 0.02629
Exploits 0 | References 11
OSV
added 2022/05/02 3:40 a.m. | 15 views

GHSA-XV6X-43GQ-4HFJ PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...

CVSS 7.5 | AI score 6.6 | EPSS 0.00579
Exploits 0 | References 6
GitHub Security Blog
added 2022/05/02 3:40 a.m. | 18 views

PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...

CVSS 7.5 | AI score 7.3 | EPSS 0.00579
Exploits 0 | References 6 | Affected Software 1
Veracode
added 2020/04/10 12:22 a.m. | 38 views

Arbitrary Command Execution

PHP is vulnerable to arbitrary command execution. The PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions...

CVSS 10 | AI score 2.7 | EPSS 0.05782
Exploits 0 | References 46 | Affected Software 14
Tenable Nessus
added 2019/11/01 12:0 a.m. | 43 views

FreeBSD : samba -- multiple vulnerabilities (50a1bbc9-fb80-11e9-9e70-005056a311d1)

The samba project reports: Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full password string. Users with the 'get changes'...

CVSS 6.5 | AI score 6.1 | EPSS 0.04508
Exploits 1 | References 7
Samba
added 2019/10/29 12:0 a.m. | 41 views

Samba AD DC check password script does not receive

Description: Since Samba Version 4.5.0 a Samba AD DC can use a custom command to verify the password complexity. The command can be specified with the "check password script" smb.conf parameter. This command is called when Samba handles a user password change or a new user password is set. The...

CVSS 5.4 | AI score 5.8 | EPSS 0.01267
Exploits 0
FreeBSD
added 2019/09/29 12:0 a.m. | 59 views

samba -- multiple vulnerabilities

The samba project reports: Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full password string. Users with the "get changes"...

CVSS 6.5 | AI score 1.6 | EPSS 0.04508
Exploits 1 | References 3
Prion
added 2016/04/12 4:59 p.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

CVSS 4.3 | AI score 6 | EPSS 0.02629
Exploits 0 | References 4 | Affected Software 1
UbuntuCve
added 2016/04/12 4:59 p.m. | 27 views

CVE-2016-4003

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

CVSS 6.1 | AI score 6.8 | EPSS 0.02629
Exploits 0 | References 4
Cvelist
added 2016/04/12 4:0 p.m. | 20 views

CVE-2016-4003

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

AI score 6.1 | EPSS 0.02629
Exploits 0 | References 4
CNVD
added 2015/04/13 12:0 a.m. | 1 views

Quassel Resource Management Error Vulnerability

Quassel (aka Quassel IRC) is a cross-platform distributed IRC chat client developed by the Quassel IRC team, which is developed using the Qt application framework, PostgreSQL database to store data. A security vulnerability exists in Quassel 0.11.0 and earlier versions, which stems from the...

CVSS 5 | AI score 6.7 | EPSS 0.01612
Exploits 0 | References 1
Tenable Nessus
added 2014/02/07 12:0 a.m. | 42 views

IrfanView < 4.37 Multiple Buffer Overflow Vulnerabilities

The remote Windows host contains a version of IrfanView prior to version 4.37. It is, therefore, reportedly affected by multiple buffer overflow vulnerabilities: - A boundary error exists when handling the LZW code stream within GIF files that could lead to arbitrary code execution. CVE-2013-535...

CVSS 7.6 | AI score 6 | EPSS 0.14976
Exploits 1 | References 5
Japan Vulnerability Notes
added 2013/12/24 12:0 a.m. | 30 views

JVN#63194482: IrfanView vulnerable to buffer overflow

IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Impact When processing a specially crafted file contained in a folder named using multi-byte...

CVSS 7.6 | AI score 7.2 | EPSS 0.14976
Exploits 1
Tenable Nessus
added 2012/08/01 12:0 a.m. | 32 views

Scientific Linux Security Update : php on SL5.x i386/x86_64

It was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd and execute arbitrary commands if the PHP script was usi...

CVSS 10 | AI score 8 | EPSS 0.06231
Exploits 3 | References 7
RedHat Linux
added 2008/07/16 9:55 a.m. | 54 views

Moderate: Red Hat Security Advisory: php security and bug fix update

Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

CVSS 10 | AI score 7.3 | EPSS 0.06231
Exploits 3 | References 8
Tenable Nessus
added 2008/07/16 12:0 a.m. | 252 views

RHEL 3 / 5 : php (RHSA-2008:0544)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

CVSS 10 | AI score 7.9 | EPSS 0.06231
Exploits 3 | References 13
Prion
added 2007/04/19 10:19 a.m. | 14 views

Buffer overflow

Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte Unicode characters...

CVSS 7.9 | AI score 8.5 | EPSS 0.11887
Exploits 0 | References 8 | Affected Software 1
NVD
added 2007/04/19 10:19 a.m. | 18 views

CVE-2007-2152

Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte Unicode characters...

CVSS 7.9 | AI score 7.8 | EPSS 0.11887
Exploits 0 | References 8