CVE-2026-9437

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

[SECURITY] Fedora 44 Update: kf6-kcoreaddons-6.25.0-1.fc44

KCoreAddons provides classes built on top of QtCore to perform various tasks such as manipulating mime types, autosaving files, creating backup files, generating random sequences, performing text manipulations such as macro replacement, accessing user information and many more...

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

OESA-2026-1495 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

Mozilla: Memory Corruption in Text Fragments

The Mozilla Foundation Security Advisory describes this flaw as: By manipulating the text in an tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash...

Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...

CVE-2024-1257 Jspxcms find_text.do cross site scripting

A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/findtext.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird 52.1, Firefox ESR 52.1, and Firefox 53...

Huntpad - The Bug Hunter's Notepad

Syhunt Huntpad is a notepad application with features that are particularly useful to penetration testers and bug hunters - a collection of common injection string generators, hash generators, encoders and decoders, HTML and text manipulation functions, and so on, coupled with syntax highlighting...

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of streamgetmetadata can be controlled if the input can be controlled e.g., during file uploads. For example, a "$uri = streamgetmetadatafopen$file, "r"'uri'" call mishandles the case where $file is...

RBKmoney: Text manipulation in https://checkout.rbk.money

Phishing / social engineering via text manipulation on html form labels...

Learning PowerShell: basic programs

In the previous posts we have looked at some elementary PowerShell concepts and we have constructed some basic commands to export and compare data. We did this by using an example of certificates being dumped in the “Untrusted” category by some malware. This time we will try to write a program th...