CVE-2025-26525

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...

UBUNTU-CVE-2025-26525

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...

CVE-2025-26525

CVE-2025-26525 affects Moodle and is caused by insufficient sanitizing in the TeX notation filter, enabling an arbitrary file read on sites where pdfTeX is available (e.g., TeX Live). Multiple external feeds (GHSA, OSV) describe the vulnerability as Moodle’s arbitrary file read risk through pdfTe...

python-django: Memory exhaustion in django.utils.numberformat.floatformat()

A security issue was found in Django. If 'floatformat' received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. To avoid this, decimals with more than 200 digits are now returned as is...

Distribution 安全漏洞

Distribution is Distribution's open source toolset for packaging, shipping, storing and delivering content. A security vulnerability exists in Distribution versions 3.0.0-beta.1 through 3.0.0-rc.2, which stems from a vulnerability that allows an attacker to inject an untrusted signing key into a...

WordPress ABC Notation plugin <= 6.1.3 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by yudha in WordPress Plugin ABC Notation versions = 6.1.3...

frozen 代码问题漏洞

frozen is an open source JSON parser and generator for C/C++ from Cesanta Software. A code issue exists in frozen versions prior to 1.7, which is caused by a null pointer dereference. An attacker exploiting this vulnerability could trigger a crash of a component embedded in the library by providi...

CVE-2024-13551

The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13550

The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files...

CVE-2024-13551 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13551

CVE-2024-13551 : The ABC Notation plugin for WordPress (versions

CVE-2024-13550

Summary of CVE-2024-13550 (ABC Notation WordPress plugin) The WordPress ABC Notation plugin (versions up to and including 6.1.3) is affected by a path traversal vulnerability exploitable via the file attribute of the abcjs shortcode. The issue permits an authenticated attacker with Contributor-le...

CVE-2024-13550 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Arbitrary File Read

The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files...

CVE-2024-13551 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13550 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Arbitrary File Read

The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files...

PT-2025-2217 · WordPress · Abc Notation

Name of the Vulnerable Software and Affected Versions: ABC Notation plugin for WordPress versions up to, and including, 6.1.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode due to insufficient input sanitization and output escaping on...

WordPress plugin ABC Notation 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin ABC Notation 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2025-2216 · WordPress · Abc Notation

Name of the Vulnerable Software and Affected Versions: ABC Notation plugin for WordPress versions up to, and including, 6.1.3 Description: The issue allows authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain...

PT-2025-1400 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue is caused by a buffer overflow in the ASN.1 deserialization function of the S1AP handler, leading to type confusion in decoded fields. This results in invalid parsing and freeing of memory,...