617 matches found
CVE-2025-26525
CVE-2025-26525 affects Moodle and is caused by insufficient sanitizing in the TeX notation filter, enabling an arbitrary file read on sites where pdfTeX is available (e.g., TeX Live). Multiple external feeds (GHSA, OSV) describe the vulnerability as Moodle’s arbitrary file read risk through pdfTe...
CVE-2025-26525 Arbitrary file read risk through pdfTeX
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...
PT-2025-7781 · Tex Live +1 · Tex Live +1
Name of the Vulnerable Software and Affected Versions: TeX Live affected versions not specified Description: The issue is related to insufficient sanitizing in the TeX notation filter, which poses an arbitrary file read risk on sites where pdfTeX is available. This typically affects systems with...
PT-2025-7784 · Unknown +1 · Ddimageortext +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A stored XSS risk was identified in the drag-and-drop onto image ddimageortext question type, which required additional sanitizing. Recommendations: At the moment, there is no information...
CLSA-2025-1739822224 samba: Fix of CVE-2023-34968
Fix CVE-2023-34968: fix path disclosure vulnerability by sanitizing search query results - Delete fixed tests from knowfail list...
PT-2025-42569
Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software contains a flaw related to sanitizing attributes unwrapped from data-ve-attributes. This could potentially allow for issues related to attribute handling. Recommendations At th...
WordPress plugin WP-SVG 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()
A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks...
CVE-2024-54484
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data...
Arbitrary File Read
moodle/moodle is vulnerable to Arbitrary file read. The vulnerability is due to insufficient sanitizing in the TeX notation filter, which allows file reading on sites where pdfTeX is available, such as those with TeX Live installed...
PYSEC-2024-160
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
GHSA-C86Q-RJ37-8F85 LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the...
GHSA-HJGC-JXJC-8V9J Moodle reflected XSS via H5P error message
A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting XSS risk...
CVE-2024-43439
A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting XSS risk...
GHSA-4HJF-6PXR-549H Moodle Cross-site Scripting vulnerability
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...
CVE-2024-43437
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...
UBUNTU-CVE-2024-43437
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...
CVE-2024-43437
CVE-2024-43437 affects Moodle and is described in connected sources as a cross-site scripting (XSS) risk caused by insufficient sanitization of data during restoration of backup files. The vulnerability arises when processing malicious backups, enabling XSS. The connected documents (OSV, GHSA, CN...
CVE-2024-43437 Moodle: xss risk when restoring malicious course backup file
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...
CVE-2024-46952
An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...