1229 matches found
CVE-2022-1725
A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service. Mitigation Untrusted vim scrip...
CVE-2022-38936
An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137...
CVE-2022-37248
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
Cross site scripting
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
Pixel&tonic Craft CMS Cross-Site Scripting Vulnerability
Pixel & tonic Craft CMS is a content management system (CMS) from the US company Pixel & tonic. A cross-site scripting vulnerability exists in Craft CMS version 4.2.0.1, which stems from a security issue in the src/helpers/Cp.php page...
CVE-2022-38890
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h...
CVE-2022-38890
CVE-2022-38890 affects Nginx NJS 0.7.7. A segmentation violation is triggered by the njs_utf8_next function in src/njs_utf8.h. Public sources consistently describe the vulnerability as a segmentation fault in NJS, with NVD citing a CVSS v3.1 base score of 5.5 (Medium) and local attack vector, req...
ouqiang gocron Cross-site scripting vulnerability
Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue...
CVE-2022-40365
Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue...
CVE-2022-3016
A heap use-after-free vulnerability was found in vim's get_next_valid_entry function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file,...
Use After Free in function do_tag
Description: Use After Free in function do_tag at vim/src/tag.c:807. vim version: ./vim --version VIM - Vi IMproved 9.0 2022 Jun 28, compiled Sep 2 2022 22:56:19 Included patches: 1-363 Proof of Concept: ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/elva/fuzzvim/test/poc8huaf.dat -c :qa!...
CVE-2022-2982
A heap use-after-free vulnerability was found in vim's qf_fill_buffer function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap...
Heap-based Buffer Overflow
libmodbus.so is vulnerable to a heap-based buffer overflow. The vulnerability exists in the modbus_reply function at src/modbus.c because it does not check for the null values earlier, which allows an attacker to cause a buffer overflow...
CVE-2022-0367
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply in src/modbus.c...
UBUNTU-CVE-2022-0367
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply in src/modbus.c...
CVE-2022-0367
CVE-2022-0367 affects libmodbus; a heap-based buffer overflow was found in modbus_reply() (src/modbus.c). Public advisories and multiple Debian/openSUSE/Nessus entries confirm this vulnerability and have issued security updates to libmodbus packages (e.g., Debian 3.1.4-2+deb10u2, 3.1.6-2+deb11u1;...
Out-of-bound Read
vim is vulnerable to an out-of-bound read. The vulnerability exists in the check_vim9_unlet function in src/vim9cmds.c, which allows a malicious attacker to read sensitive data in the system...