13 matches found
CVE-2026-21378
The CVE-2026-21378 entry describes a memory corruption vulnerability in a camera sensor driver triggered when IOCTLs access an output buffer without validating its size. Affected component is the camera sensor driver’s IOCTL handling (output buffer). Root cause: insufficient validation of the des...
EUVD-2007-0387
Malware in sbrugna...
EUVD-2023-12441
Malicious code in bioql PyPI...
EUVD-2025-7402
Malicious code in bioql PyPI...
CVE-2024-6362
The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PYSEC-2025-22
A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. Lack of validation of LLM-generated output allows an attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting th...
CVE-2025-1497 Remote Code Execution in PlotAI
A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. Lack of validation of LLM-generated output allows an attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
CVE-2025-1497 Remote Code Execution in PlotAI
A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. Lack of validation of LLM-generated output allows an attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
PT-2025-10588
Name of the Vulnerable Software and Affected Versions: PlotAI (affected versions not specified). Description: A vulnerability has been found that could result in Remote Code Execution (RCE). The issue is due to the lack of validation of LLM-generated output, which allows an attacker to execute arbitrary...
CVE-2024-0559
The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...
WordPress Plugin Easy Forms for Mailchimp Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2022-3634
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
Design/Logic Flaw
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined idcat variable...