CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

European police, led by Denmark and Sweden, are arresting individuals in a crackdown on violence-as-a-service, where criminal groups recruit teenagers online for contract killings. Learn about Europol's OTF GRIMM task force and how they're fighting this disturbing trend...

7.3AI score

Exploits0

Vulnrichment•added 2024/02/15 12:18 p.m.•25 views

CVE-2024-20733 [ZS-VR-23-360] Adobe Acrobat Reader Parsing OTF font Denial-of-Service Vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service...

5.5CVSS6.2AI score0.00444EPSS

Exploits0References1

Cvelist•added 2024/02/15 12:18 p.m.•15 views

CVE-2024-20733 [ZS-VR-23-360] Adobe Acrobat Reader Parsing OTF font Denial-of-Service Vulnerability

5.5CVSS6.2AI score0.00444EPSS

Exploits0References1

Prion•added 2023/10/31 2:15 p.m.•11 views

Unrestricted file upload

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

4.9CVSS5.5AI score0.00222EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/10/09 12:0 a.m.•15 views

CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC As an author, upload an SVG with the payload: View the SVG and see the XSS...

5.4CVSS5.3AI score0.00222EPSS

Exploits2Affected Software1

wpexploit•added 2023/10/09 12:0 a.m.•159 views

CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. As an author, upload an SVG with the payload: alert"xss"; View the SVG and see the XSS...

5.4CVSS5.4AI score0.00222EPSS

Exploits2

SUSE CVE•added 2023/02/15 4:42 a.m.•1 views

SUSE CVE-2017-11571

FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble parsettf.c resulting in DoS or code execution via a crafted otf file...

6.3CVSS9AI score0.00513EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 4:42 a.m.•1 views

SUSE CVE-2017-11570

FontForge 20161012 is vulnerable to a buffer over-read in umodenc parsettf.c resulting in DoS or code execution via a crafted otf file...

7.6CVSS8.9AI score0.00273EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 4:42 a.m.•1 views

SUSE CVE-2017-11569

FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights parsettf.c resulting in DoS or code execution via a crafted otf file...

7.6CVSS8.9AI score0.00565EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 4:42 a.m.•1 views

SUSE CVE-2017-11577

FontForge 20161012 is vulnerable to a buffer over-read in getsid parsettf.c resulting in DoS or code execution via a crafted otf file...

6.3CVSS8.9AI score0.00273EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by