42 matches found
CVE-2021-47973 Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow
Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger ...
CVE-2021-47969
Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...
CVE-2021-47944
The CVE-2021-47944 entry concerns memono Notepad 4.2, where a denial-of-service condition can be triggered by pasting excessively long character buffers into note fields. A payload of ~350,000 repeated characters pasted twice into a new note can crash the iOS version. The vulnerability is documen...
PT-2026-39518
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an...
CVE-2019-25595 jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causin...
CVE-2020-37188
CVE-2020-37188 – SpotOutlook 1.2.6 contains a denial-of-service vulnerability in the registration Name field. The issue arises when an input is crafted to overwrite the buffer by pasting 1000 'A' characters into the Name field, causing the application to become unresponsive. The disclosure provid...
CVE-2020-37188 SpotOutlook 1.2.6 - 'Name' Denial of Service
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive...
CVE-2020-37107 Core FTP LE 2.2 - Denial of Service
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become...
CVE-2020-37132
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal...
CVE-2020-37130 Nsauditor 3.2.0.0 - 'Name' Denial of Service
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name...
CVE-2021-47876 GeoGebra Classic 5.0.631.0-d - Denial of Service
GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigg...
CVE-2021-47815 Nsauditor 3.2.3 - Denial of Service (PoC)
Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash...
EUVD-2024-2638
Malicious code in bioql PyPI...
Trix Cross-Site Scripting Vulnerability
Trix is a Basecamp open source rich text editor for everyday writing. Versions prior to Trix 2.1.15 contain a cross-site scripting vulnerability that is triggered when pasting malicious code...
MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
Cross-site Scripting (XSS)
Overview: django-froala-editor is a package that helps integrate the Froala WYSIWYG HTML editor with Django. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when pasting copied content into the editor. Details: Cross-site scripting (XSS) is a code...
CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...
Unable to paste cell[s] with format in Excel by pressing Ctrl+V on a HDX session using CWA for HTML5
Unable to paste cells with format in Excel by pressing Ctrl+V on a HDX session using Citrix Workspace app for HTML5. When you copy a cell and paste it to multiple cells, "The data you're pasting isn't the same size as your selection. Do you want to paste anyway?" message is shown and then if you...
MarkText Cross-Site Scripting Vulnerability
MarkText is a simple and elegant open source Markdown editor focused on speed and usability. A security vulnerability exists in MarkText version 0.17.1, originating in the src/muya/lib/contentState/pasteCtrl.js file, which can be exploited by copying and pasting text from a malicious web page int...
Failed to paste the copied content from client to Linux VDA
Copying content from a client machine to a Linux desktop fails randomly; nothing is pasted into the Linux desktop. Meanwhile, this issue is not observed in a Windows VDA accessed from the same client machine. Copy content from a client machine, e.g. text. Move the mouse to the Linux desktop an...