
13 matches found

Vulnrichment
added 2026/05/12 9:5 p.m. | 5 views

CVE-2026-44258 efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...

CVSS 9.3 | AI score 5.9 | EPSS 0.00062
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:2 p.m. | 4 views

CVE-2026-32938

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...

CVSS 9.9 | AI score 5.8 | EPSS 0.00299
Exploits: 1 | References: 1
Cvelist
added 2026/03/09 9:14 p.m. | 34 views

CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

CVSS 6.3 | EPSS 0.00043
Exploits: 0 | References: 3
OSV
added 2026/03/09 9:14 p.m. | 1 view

CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

CVSS 6.3 | AI score 6 | EPSS 0.00043
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-0973

Malware in sbrugna...

CVSS 2.6 | AI score 6.1 | EPSS 0.00322
Exploits: 0 | References: 4
CNNVD
added 2021/12/14 12:0 a.m. | 2 views

Owncast cross-site scripting vulnerability

Owncast is an open source, self-hosted, decentralized, single-user real-time video streaming and chat server. A cross-site scripting vulnerability exists in Owncast, which in affected versions executes inline script when parsing JavaScript via a paste operation...

CVSS 8.2 | AI score 6.7 | EPSS 0.00326
Exploits: 1 | References: 2
CVE
added 2013/09/19 10:0 a.m. | 47 views

CVE-2013-5129

CVE-2013-5129 affects WebKit in Apple iOS prior to 7. It describes two user-assisted XSS vectors: (1) drag-and-drop and (2) copy-and-paste, allowing an attacker to inject arbitrary script/HTML via data handled by WebKit. The vulnerability arises from how WebKit processes dragged/pasted content an...

CVSS 4.3 | AI score 5 | EPSS 0.0032
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2013/05/30 12:0 a.m. | 37 views

Debian DSA-2695-1 : chromium-browser - several issues

Several vulnerabilities have been discovered in the Chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected. - CVE-2013-2837 Use-after-free vulnerability in the SVG implementation allows remote attackers to...

CVSS 7.5 | AI score 8.2 | EPSS 0.21099
Exploits: 0 | References: 30
Prion
added 2013/03/28 12:18 p.m. | 27 views

Code injection

Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...

CVSS 6.8 | AI score 6.8 | EPSS 0.01242
Exploits: 0 | References: 11 | Affected Software: 1
Prion
added 2013/01/29 5:58 a.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation...

CVSS 2.6 | AI score 5.4 | EPSS 0.00322
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2007/12/17 6:46 p.m. | 1 view

DEBIAN-CVE-2007-6389

The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V...

CVSS 2.1 | AI score 6.5 | EPSS 0.00078
Exploits: 2 | References: 1
UbuntuCve
added 2005/05/02 4:0 a.m. | 26 views

CVE-2005-0146

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via JavaScript that generates a middle-click event on systems for which a middle-click performs a paste operation...

CVSS 5 | AI score 6 | EPSS 0.00765
Exploits: 0 | References: 2
Cvelist
added 2003/06/28 4:0 a.m. | 17 views

CVE-2003-0469

Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag...

AI score 7.7 | EPSS 0.71576
Exploits: 0 | References: 7