26 matches found
CVE-2025-14145
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-14145
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-14145 Niche Hero | Beautifully-designed blocks in seconds <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-14145 Niche Hero | Beautifully-designed blocks in seconds <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-14145
The CVE-2025-14145 affecting Niche Hero plugin for WordPress is a Stored XSS in the nh_row shortcode (spacing parameter). Affected versions up to 1.0.5; exploitation requires Contributor+ authentication. Patch released with version 1.0.5 (remediation: escape/sanitize input and proper output escap...
PT-2026-1632
Name of the Vulnerable Software and Affected Versions The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress versions through 1.0.5 Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...
WordPress Niche Hero | Beautifully-designed blocks in seconds plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Niche Hero versions = 1.0.5...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a deadlock issue in frame spacing operations that could lead to system instability...
SUSE CVE-2006-1730
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow...
Angle 缓冲区错误漏洞
Angle is a graphics layer engine. It is used in the default WebGl backend of Google Chrome and Mozilla Firefox on Windows platforms. A security vulnerability exists in Angle, which arises when the program incorrectly calculates the depth spacing of data and reads the end of the buffer on upload...
[SECURITY] Fedora 33 Update: mupdf-1.18.0-2.fc33
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling
It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or ...
Software Defined Radio Attack Tool: RFCrack
RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...
openSUSE Security Update : libreoffice (openSUSE-SU-2012:0428-1)
updated to libreoffice-3.4.5.5 SUSE 3.4.5-rc3 : - extras - add SUSE color palette fate312645 - filters - crash when loading embedded elements bnc693238 - crash when importing an empty paragraph rh667082 - writer - do not use an invalidated iterator fdo46337 - updated to libreoffice-3.4.5.4 SUSE...
Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via unspecifi...
DEBIAN-CVE-2006-2786
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via 1 invalid HTTP response headers with spaces...
security flaw
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow...
Ubuntu 4.10 / 5.04 / 5.10 : mozilla-firefox, firefox vulnerabilities (USN-271-1)
Web pages with extremely long titles caused subsequent launches of Firefox browser to hang for up to a few minutes, or caused Firefox to crash on computers with insufficient memory. CVE-2005-4134 Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables...
security flaw
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow...
Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail. The...