CVE-2025-70616

Vulnerability: CVE-2025-70616 affects the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0). The IOCTL handler 0x80102058 copies user-supplied Options into a 40-byte stack buffer (Src[40]) without proper bounds checking, via memmove, enabling a stack-based buffer overflow. An attacker w...

PT-2026-23482

Name of the Vulnerable Software and Affected Versions Wincor Nixdorf wnBios64.sys version 1.2.0.0 Description A stack buffer overflow exists in the wnBios64.sys kernel driver within the IOCTL handler for code 0x80102058. The issue is due to a lack of bounds checking on the user-controlled Options...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

CVE-2026-0862

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVE-2026-0862

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVE-2026-0862

CVE-2026-0862 concerns the WordPress plugin “Save as PDF Plugin by PDFCrowd.” Wordfence/patch data indicate a Reflected Cross-Site Scripting (XSS) vulnerability via the options parameter in all versions up to 4.5.5, caused by insufficient input sanitization and output escaping. Exploitation by an...

CVE-2026-0862 Save as PDF Plugin by PDFCrowd <= 4.5.5 - Reflected Cross-Site Scripting via options

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVE-2026-0862 Save as PDF Plugin by PDFCrowd <= 4.5.5 - Reflected Cross-Site Scripting via options

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVE-2026-0862

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

PT-2026-4617

Name of the Vulnerable Software and Affected Versions Save as PDF Plugin for WordPress versions prior to 4.5.6 Description The Save as PDF Plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the options parameter. Insufficient input sanitization and output escaping allow...

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2021-28006

Web Based Quiz System 1.0 is affected by cross-site scripting XSS in admin.php through the options parameter...

PNETLab 安全漏洞

PNETLab is a platform from PNETLab Inc. that allows labs to be downloaded and shared with the community. A security vulnerability exists in PNETLab version 5.3.11 that stems from the qemuoptions parameter being vulnerable to command injection attacks...

EUVD-2021-0979

Malware in sbrugna...

EUVD-2021-1096

Malware in sbrugna...

CVE-2025-59831

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommitersoptions, callback which allows...

PT-2024-17014 · Filestack · Filestack Official Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Filestack Official plugin for WordPress versions up to, and including, 2.0.0 Description: The issue is related to Reflected Cross-Site Scripting via the fstab and filestack options parameters due to insufficient input sanitization and output...

CVE-2024-8669

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuplywpclonesql function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficien...