Lucene search
3229 matches found

Cvelist
added 2026/02/14 4:1 p.m. | 21 views

CVE-2026-23161 mm/shmem, swap: fix race of truncate and swap entry split

In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix race of truncate and swap entry split. The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it gets the entry order before tha...

CVSS 7.3 | EPSS 0.00014
Exploits 0 | References 3
OSV
added 2026/02/11 3:16 p.m. | 2 views

CVE-2019-25312

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...

CVSS 5.4 | AI score 5.8 | EPSS 0.00112
Exploits 1 | References 4
Vulnrichment
added 2026/02/11 2:56 p.m. | 4 views

CVE-2019-25312 InoERP 0.7.2 - Persistent Cross-Site Scripting

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...

CVSS 5.4 | AI score 5.2 | EPSS 0.00112
Exploits 1 | References 4
ATTACKERKB
added 2026/02/11 2:56 p.m. | 3 views

CVE-2019-25312

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...

CVSS 6.4 | AI score 5.2 | EPSS 0.00112
Exploits 1 | References 4 | Affected Software 1
NVD
added 2026/02/11 9:15 a.m. | 6 views

CVE-2025-13648

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the 'Name' and 'Surname' parameters within the 'My Account' section at the...

CVSS 6.1 | EPSS 0.00013
Exploits 0 | References 4
Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7507

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the 'Name' and 'Surname' parameters within the 'My Account' section at the...

CVSS 4.8 | AI score 5.7 | EPSS 0.00013
Exploits 0 | References 5
CNNVD
added 2026/02/11 12:0 a.m. | 3 views

inoERP cross-site scripting vulnerability

inoERP is an open-source enterprise management system developed by Nishit as a personal project. Version 0.7.2 of inoERP contains a cross-site scripting vulnerability. This vulnerability stems from the comment section, where stored cross-site scripts may allow unverified attackers to inject...

CVSS 5.4 | AI score 5.6 | EPSS 0.00112
Exploits 1 | References 4
Tenable Nessus
added 2026/02/10 12:0 a.m. | 4 views

Siemens S7-1500 NULL Pointer Dereference (CVE-2025-8224)

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack...

CVSS 5.5 | AI score 4.4 | EPSS 0.00106
Exploits 1 | References 2
Tenable Nessus
added 2026/02/10 12:0 a.m. | 3 views

Siemens S7-1500 Improper Encoding or Escaping of Output (CVE-2025-7545)

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

CVSS 7.8 | AI score 4.9 | EPSS 0.00066
Exploits 0 | References 2
Positive Technologies
added 2026/02/06 12:0 a.m. | 3 views

PT-2026-6762

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.0.2. Description: OpenProject is a web-based project management software. A flaw existed in the drag-and-drop functionality for agenda items, where the system did not verify if the target meeting section belonged...

CVSS 4.3 | AI score 5.4 | EPSS 0.00051
Exploits 0 | References 6
RedhatCVE
added 2026/02/04 3:15 a.m. | 9 views

CVE-2025-61644

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...

AI score 5.3 | EPSS 0.00083
Exploits 0 | References 1
NVD
added 2026/02/03 10:16 p.m. | 2 views

CVE-2020-37065

StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the...

CVSS 9.8 | EPSS 0.001
Exploits 0 | References 3
Cvelist
added 2026/02/03 10:1 p.m. | 24 views

CVE-2020-37065 StreamRipper32 2.6 - Buffer Overflow

StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the...

CVSS 9.8 | EPSS 0.001
Exploits 0 | References 3
CVE
added 2026/02/03 10:1 p.m. | 11 views

CVE-2020-37065

CVE-2020-37065 affects StreamRipper32 version 2.6. The vulnerability is a buffer overflow in the Station/Song Section triggered by the SongPattern input, where payloads exceeding 256 bytes can overwrite memory and potentially lead to arbitrary code execution and application compromise. Documented...

CVSS 9.8 | AI score 6.2 | EPSS 0.001
Exploits 0 | References 3
CNNVD
added 2026/02/03 12:0 a.m. | 4 views

StreamRipper32 security vulnerability

StreamRipper32 is an open-source tool developed by StreamRipper for capturing and saving MP3 files from online radio stations. Version 2.6 of StreamRipper32 contains a security vulnerability, which stems from a buffer overflow in the Station/Song Section component, potentially allowing arbitrary...

CVSS 9.8 | AI score 6.3 | EPSS 0.001
Exploits 0 | References 3
UbuntuCve
added 2026/02/03 12:0 a.m. | 2 views

CVE-2025-61644

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...

AI score 5.9 | EPSS 0.00083
Exploits 0 | References 2
Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-5816

StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the...

CVSS 9.8 | AI score 6.5 | EPSS 0.001
Exploits 0 | References 4
CVE
added 2026/02/02 11:57 p.m. | 9 views

CVE-2025-61644

CVE-2025-61644 is an XSS vulnerability in Wikimedia Foundation MediaWiki, tied to the client-side file resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. The issue arises from improper neutralization of input during web page generation, affecting MediaWiki instances: from before f...

AI score 5.3 | EPSS 0.00083
Exploits 0 | References 1
Cvelist
added 2026/02/02 11:57 p.m. | 25 views

CVE-2025-61644 i18n XSS through Special:Watchlist

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...

EPSS 0.00083
Exploits 0 | References 1
Debian CVE
added 2026/02/02 11:57 p.m. | 22 views

CVE-2025-61644

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...

AI score 5.3 | EPSS 0.00083
Exploits 0