635 matches found

Prion
added 2021/06/06 12:15 p.m. | 5 views

Code injection

Mintty before 3.4.7 mishandles Bracketed Paste Mode...

CVSS 5 | AI score 7.6 | EPSS 0.00213
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/06/06 11:41 a.m. | 9 views

CVE-2021-31701

Mintty before 3.4.7 mishandles Bracketed Paste Mode...

AI score 7.8 | EPSS 0.00213
Exploits 0 | References 1

CVE
added 2021/06/06 11:41 a.m. | 50 views

CVE-2021-31701

Mintty before 3.4.7 mishandles Bracketed Paste Mode. The issue affects Mintty (terminal emulator) with versions older than 3.4.7 due to incorrect handling of bracketed paste sequences, as documented across multiple sources (NVD entry and vendor reports). Impact details are not elaborated beyond t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00213
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2021/06/06 12:0 a.m. | 1 views

Mintty security vulnerability

Mintty is a terminal emulator for Cygwin, also available for MSYS and Msys2. A security vulnerability exists in Mintty prior to 3.4.7, which stems from incorrect handling of bracketed paste mode...

CVSS 7.5 | AI score 7.3 | EPSS 0.00213
Exploits 0 | References 1

Node.js
added 2021/05/06 5:30 p.m. | 42 views

Cross-site scripting in TinyMCE

Overview: tinymce before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. Recommendation: Upgrade to versions 4.9.7, 5.1.4 or later. References: CVE, GitHub Advisory...

CVSS 4.3 | AI score 3.5 | EPSS 0.00553
Exploits 1 | Affected Software 1

OSV
added 2021/05/06 5:28 p.m. | 18 views

GHSA-P7J5-4MWM-HV86 Duplicate Advisory: Cross-site scripting in TinyMCE

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gm-ghr9-4v95. This link is maintained to preserve external references. Original Description TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin...

CVSS 6.1 | AI score 5.8 | EPSS 0.00553
Exploits 1 | References 3

0day.today
added 2021/05/05 12:0 a.m. | 19 views

Anote 1.0 - XSS to Remote Command Execution Vulnerability

Exploit Title: Anote 1.0 - XSS to RCE; Exploit Author: TaurusOmar; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; Risk: High 8.8; Vendor Homepage: https://github.com/AnotherNote/anote; Version: 1.0; Tested on: Linux, MacOs; Software Description: A simple opensource note app support markdown only, anote...

AI score 0.6
Exploits 0

0day.today
added 2021/03/09 12:0 a.m. | 95 views

Froala 3.2.6-1 Cross Site Scripting Vulnerability

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1; Author: Vincent666 ibn Winnie; Software Link: https://froala.com/wysiwyg-editor/; Tested on: Windows 10; Web Browser: Mozilla Firefox; My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ; PoC: In t...

AI score 7.4
Exploits 0

Huntr
added 2021/02/23 12:0 a.m. | 13 views

Code Injection in jeikeilim/kindle

Description: Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all models can be made by copy and paste from other existing model codes, which is vulnerable to Arbitrary Code Execution. Vulnerability: Vulnerable to YAML deserialization atta...

AI score 2.2
Exploits 0 | References 1

OpenVAS
added 2021/02/18 12:0 a.m. | 20 views

Fedora: Security Advisory for spice-vdagent (FEDORA-2021-510977db25)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.4 | AI score 6.6 | EPSS 0.0021
Exploits 4 | References 2

Fedora
added 2021/02/17 5:9 a.m. | 68 views

[SECURITY] Fedora 32 Update: spice-vdagent-0.21.0-1.fc32

Spice agent for Linux guests offering the following features: Client mouse mode (no need to grab mouse by client, no mouse lag); this is handled by the daemon by feeding mouse events into the kernel via uinput. This will only work if the active X-session is running a spice-vdagent process ...

CVSS 6.4 | AI score 0.6 | EPSS 0.0021
Exploits 4

Fedora
added 2021/02/12 1:44 a.m. | 66 views

[SECURITY] Fedora 33 Update: spice-vdagent-0.21.0-1.fc33

Spice agent for Linux guests offering the following features: Client mouse mode (no need to grab mouse by client, no mouse lag); this is handled by the daemon by feeding mouse events into the kernel via uinput. This will only work if the active X-session is running a spice-vdagent process ...

CVSS 6.4 | AI score 0.6 | EPSS 0.0021
Exploits 4

OpenVAS
added 2021/02/12 12:0 a.m. | 19 views

Fedora: Security Advisory for spice-vdagent (FEDORA-2021-09ce0cdfac)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.4 | AI score 6.6 | EPSS 0.0021
Exploits 2 | References 2

OSV
added 2021/01/26 9:15 p.m. | 0 views

UBUNTU-CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

CVSS 6.5 | AI score 7.2 | EPSS 0.00502
Exploits 0 | References 3

Microsoft KB
added 2020/12/04 12:0 a.m. | 3 views

July 31, 2020—KB4568831 (OS Build 19041.423) Preview

July 31, 2020—KB4568831 OS Build 19041.423 Preview IMPORTANT Starting in July 2020, we will resume non-security releases for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates also referred to as the "B" release or Update Tuesday...

CVSS 9 | AI score 7.4 | EPSS 0.00661
Exploits 0

RedHat Linux
added 2020/12/01 3:26 p.m. | 1 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits 0 | References 5

RedHat Linux
added 2020/11/30 11:12 p.m. | 1 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits 0 | References 5

RedHat Linux
added 2020/11/30 8:27 p.m. | 0 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits 0 | References 5

RedHat Linux
added 2020/11/30 7:50 p.m. | 1 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits 0 | References 5

RedHat Linux
added 2020/11/30 10:40 a.m. | 1 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits 0 | References 5