Lucene search

184 matches found

OSV
added 2026/04/08 4:09 p.m., 3 views

DRUPAL-CONTRIB-2026-032

The IframeConsent element writes HTML attributes without escaping their value. This module has an XSS vulnerability. If an attacker is able to write an tag, they may be able to insert arbitrary JavaScript. This vulnerability is mitigated by the fact that a text format that allows iframe-consent HT...

CVSS 6.1, AI score 5.9, EPSS 0.00033
Exploits 0, References 1
Snyk
added 2026/02/24 1:29 a.m., 2 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.6, AI score 6, EPSS 0.00019
Exploits 0, References 2
Snyk
added 2026/02/24 1:29 a.m., 1 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.6, AI score 6, EPSS 0.00019
Exploits 0, References 2
GithubExploit
added 2026/01/22 4:44 p.m., 116 views

XSS-cheat-sheet-txt-dictionary-by-PortSwigger

XSS cheat sheet dictionary by PortSwigger PortSwigger diction...

AI score 5.4
Exploits 0
OSV
added 2026/01/09 2:05 p.m., 1 views

OESA-2026-1012 unrtf security update

UnRTF is a command-line program written in C which converts documents in Rich Text Format .rtf to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: Changes in the text's font, size, weight bold, and slant italic Underlines and...

CVSS 6.2, AI score 6.8, EPSS 0.0004
Exploits 2, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2004-0783

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.06299
Exploits 0, References 23
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2001-0240

Malware in sbrugna...

CVSS 4.6, AI score 6.4, EPSS 0.00528
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-0769

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.05563
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2005-2502

Malware in sbrugna...

CVSS 7.6, AI score 6.4, EPSS 0.0131
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-13241

Malware in sbrugna...

CVSS 7.7, AI score 6.1, EPSS 0.00029
Exploits 0, References 3
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-1039

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.00394
Exploits 0, References 5
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in browser-html-to-rtf (npm)

The package browser-html-to-rtf was found to contain malicious code...

AI score 7
Exploits 0
GithubExploit
added 2025/08/09 11:24 a.m., 172 views

Exploit for Use After Free in Microsoft

🛑 CVE-2025-21298 – Critical Zero-Click RCE in Microsoft Window...

CVSS 9.8, AI score 7.8, EPSS 0.74686
Exploits 6
RedhatCVE
added 2025/05/21 10:07 p.m., 4 views

CVE-2005-2516

Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format RTF files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands...

CVSS 7.5, AI score 7.8, EPSS 0.01074
Exploits 0, References 1
Hacker One
added 2025/04/07 12:55 p.m., 862 views

Khan Academy: Unauthorized Account Access via Leaked Credentials in URL Format (Account Takeover)

The vulnerability allowed attackers to access user accounts on khanAcademy.com using leaked credentials that were publicly available. The credentials were found in clear text format on a third-party website. By entering the email and password, the attacker could perform an account takeover withou...

AI score 7
Exploits 0
CNNVD
added 2025/02/11 12:00 a.m., 1 views

Tracker Software PDF-XChange Editor Security Vulnerability

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in Tracker Software PDF-XChange Editor that stems from the RTF file parsing module containing a heap-based buffer overflow...

CVSS 8.8, AI score 8.1, EPSS 0.00552
Exploits 0, References 1
OSV
added 2024/11/29 4:15 a.m., 2 views

CVE-2024-54123

Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...

CVSS 6.1, AI score 5.9
Exploits 0, References 1
IBM Security Bulletins
added 2024/09/25 7:07 p.m., 43 views

Security Bulletin: Vulnerabilities in Google Protocol Buffers affect IBM watsonx.data

Summary Google Protocol Buffers and protobuf-java core and lite have multiple vulnerabilities that can affect watsonx.data. These vulnerabilities include denial of service attacks and remote code executions, Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers could allow...

CVSS 8.8, AI score 8.5, EPSS 0.00763
Exploits 1, Affected Software 1
Microsoft CVE
added 2024/09/11 7:00 a.m., 2 views

Parsing issue in protobuf textformat

...

CVSS 7.5, AI score 7.7, EPSS 0.00125
Exploits 0
NVD
added 2024/07/30 5:15 p.m., 19 views

CVE-2024-5486

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network...

CVSS 5.8, EPSS 0.00402
Exploits 0, References 1