1207 matches found

RedhatCVE
added 2026/01/09 8:33 a.m. | 4 views

CVE-2024-39636

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace. This issue affects Better Find and Replace: from n/a through 1.6.1...

8.3 CVSS | 6.9 AI score | 0.01 EPSS
Exploits 0 | References 1

Github Security Blog
added 2026/01/08 8:0 p.m. | 5 views

NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()

Summary XSS risk exists in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into...

6.1 CVSS | 6.6 AI score | 0.00021 EPSS
Exploits 1 | References 4 | Affected Software 1

NVD
added 2026/01/08 10:15 a.m. | 4 views

CVE-2026-21871

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

6.1 CVSS | 0.00021 EPSS
Exploits 1 | References 2

EUVD
added 2026/01/08 9:49 a.m. | 2 views

EUVD-2026-1478

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

6.1 CVSS | 6.1 AI score | 0.00021 EPSS
Exploits 1 | References 4

CNNVD
added 2026/01/08 12:0 a.m. | 2 views

NiceGUI Cross-Site Scripting Vulnerability

NiceGUI is an open source, easy to use, Python based UI framework. A cross-site scripting vulnerability exists in NiceGUI versions 2.13.0 through 3.4.1, which stems from a cross-site scripting risk in the ui.navigate.history.push or replace function...

6.1 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits 1 | References 3

NVD
added 2026/01/06 4:15 p.m. | 1 views

CVE-2020-36916

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system...

8.8 CVSS | 0.00043 EPSS
Exploits 1 | References 7

Positive Technologies
added 2026/01/06 12:0 a.m. | 2 views

PT-2026-1450

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system...

8.8 CVSS | 6.9 AI score | 0.00043 EPSS
Exploits 1 | References 8

Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-21774

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 Description The local Caddy admin API, listening by default on 127.0.0.1:2019, includes a POST /load endpoint that allows replacing the entire running configuration. When origin enforcement is not enabled enforce...

9.9 CVSS | 5.3 AI score | 0.00733 EPSS
Exploits 44 | References 123

Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-26048

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the networking scheduler net/sched related to the act gate action. Specifically, the act gate action can be replaced while a hrtimer callback or dum...

7.8 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 81

SUSE CVE
added 2025/12/31 12:29 a.m. | 1 views

SUSE CVE-2023-54180

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning device...

6.3 AI score | 0.00031 EPSS
Exploits 0 | References 3

EUVD
added 2025/12/30 3:30 p.m. | 1 views

EUVD-2023-60461

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning device...

5.7 AI score | 0.00031 EPSS
Exploits 0 | References 4

OSV
added 2025/12/30 1:16 p.m. | 0 views

UBUNTU-CVE-2023-54180

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning device...

5.7 AI score | 0.00031 EPSS
Exploits 0 | References 6

CVE
added 2025/12/30 12:8 p.m. | 3 views

CVE-2023-54192

CVE-2023-54192 affects the Linux kernel (f2fs). The vulnerability is a null pointer dereference panic in the tracepoint path for __replace_atomic_write_block, leading to kernel panic during f2fs_commit_atomic_write and ioctl handling when old_addr is NULL. A fix was released to address this null ...

6.1 AI score | 0.00021 EPSS
Exploits 0 | References 4

OSV
added 2025/12/30 12:8 p.m. | 1 views

CVE-2023-54180 btrfs: handle case when repair happens with dev-replace

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning device...

6.2 AI score | 0.00031 EPSS
Exploits 0 | References 6

Cvelist
added 2025/12/30 12:8 p.m. | 22 views

CVE-2023-54180 btrfs: handle case when repair happens with dev-replace

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning device...

0.00031 EPSS
Exploits 0 | References 3

Debian CVE
added 2025/12/30 12:8 p.m. | 3 views

CVE-2023-54180

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kernel) got triggered when replacing a unreliable disk: BTRFS warning device...

5.2 AI score | 0.00031 EPSS
Exploits 0

Tenable Nessus
added 2025/12/30 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-54180

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: handle case when repair happens with dev-replace [BUG] There is a bug report that a BUG_ON() in btrfs_repair_io_failure() (originally repair_io_failure() in v6.0 kerne...

5.8 AI score | 0.00031 EPSS
Exploits 0 | References 3

CVE
added 2025/12/22 9:35 p.m. | 6 views

CVE-2022-50690

CVE-2022-50690 affects Wondershare MirrorGo 2.0.11.346. The root cause is insecure file permissions on the executable ElevationService.exe, enabling unprivileged local users to replace it with a malicious file and achieve arbitrary code execution with LocalSystem privileges. Impact is local privi...

8.5 CVSS | 7.4 AI score | 0.00016 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/12/21 9:12 a.m. | 3 views

CVE-2025-14298

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's thegemtesearch shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

5.4 CVSS | 5 AI score | 0.00031 EPSS
Exploits 0 | References 1

NVD
added 2025/12/20 9:15 a.m. | 1 views

CVE-2025-14298

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's thegemtesearch shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

5.4 CVSS | 0.00031 EPSS
Exploits 0 | References 5