651 matches found
CyberChef has a Cross-site Scripting issue
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
EUVD-2026-26191
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
CyberChef up to version 11.0.0 is affected by an XSS in the Show Base64 offsets path, allowing script injection via the URL/fragment (e.g., /#recipe=Show_Base64_offsets...). Root cause: improper handling of Base64 offset input in the recipe viewer. Impact: potential script execution in the victim...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CyberChef 跨站脚本漏洞
CyberChef is an open-source network application developed by GCHQ, featuring functions such as encryption, encoding, compression, and data analysis. Versions of CyberChef prior to 11.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Show Base64 Offsets...
PT-2026-35866
Name of the Vulnerable Software and Affected Versions GCHQ CyberChef versions prior to 11.0.0 Description Cross-Site Scripting XSS is possible via the Show Base64 offsets feature. This occurs through the endpoint '/recipe=Show Base64 offsets', where an attacker can inject malicious scripts...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-015069)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015069 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...
[slackware-security] mpg123
New mpg123 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mpg123-1.33.5-i586-1.txz: Upgraded. mpg123: Fix generic control mode for largefile-sensitive builds, where 32 bit offt was used with...
kernel: net/sched: cls_u32: use skb_header_pointer_careful()
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
ONE 安全漏洞
ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a security vulnerability. This vulnerability stemmed from improper verification of STRING tensor offsets, which could lead to out-of-bound access during the impor...
PT-2026-34262
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
python3 security update
3.6.8-21.0.9 - Security update CVE-2025-15366, CVE-2025-15367, CVE-2026-1299 Orabug: 39159999 3.6.8-21.0.7 - Security update CVE-2025-12084 Orabug: 38971895 3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771CVE-2025-8194 3.6.8-21.0.3 - Fix DoS...
CVE-2025-47392
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...