6 matches found
CVE-2025-40663
Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...
CVE-2025-40663
CVE-2025-40663 describes a Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos v23.02.01.17 (i2A). An authenticated attacker can upload a malicious SVG image into a user’s personal space at /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments, leading to script execution withi...
PT-2024-18893 · Kernel · Kernel
Name of the Vulnerable Software and Affected Versions: Kernel affected versions not specified Description: The issue is related to memory corruption in the Kernel while handling GPU operations. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
PT-2023-35859 · Git +1 · Harfbuzz
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Invalid-free. The crash state involves several function calls, including hb free impl, OT::glyf:: free...
PT-2022-23645 · Samsung · Libsdkrecognitiontext.Spensdk.Samsung.So
Name of the Vulnerable Software and Affected Versions: libSDKRecognitionText.spensdk.samsung.so library affected versions not specified Description: A heap-based overflow vulnerability in the PrepareRecogLibrary Part function allows an attacker to cause a memory access fault. The issue is present...
PT-2018-14549 · D Link · Dsl-2640T
Name of the Vulnerable Software and Affected Versions: D-link DSL-2640T routers affected versions not specified Description: A security issue exists in the cgi-bin/webcm component of D-link DSL-2640T routers, where an XSS attack can be performed via the var:RelaodHref or var:conid parameter...