20 matches found
EUVD-2024-36875
Malicious code in bioql PyPI...
EUVD-2025-0099
Malicious code in bioql PyPI...
EUVD-2024-38937
Malicious code in bioql PyPI...
SUSE-SU-2025:01571-1 Security update for gimp
This update for gimp fixes the following issues: - CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write (bsc#1241691)...
CVE-2021-42388
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2020-11146
Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
PT-2025-17811 · Peekaboo · Peekaboo
Name of the Vulnerable Software and Affected Versions: Peekaboo versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious...
CVE-2024-13896
The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code function, which could lead to a Regular Expression Denial of Service (ReDoS) issue...
Linux Distros Unpatched Vulnerability : CVE-2024-52559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit The submit->cmd[i].size and submit->cmd[i].offset variables are u32 values that come from the user via the...
HTML Injection
leantime/leantime is vulnerable to HTML injection. The vulnerability is due to improper neutralization of HTML tags in users' first names, allowing arbitrary HTML to be injected into emails...
CVE-2024-4322
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /list_personalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version...
CVE-2025-21612
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
CVE-2024-56507
CVE-2024-56507 : A reflected Cross-Site Scripting (XSS) vulnerability exists in LinkAce prior to version 1.15.6, specifically in the Edit Link module’s URL field where input is reflected in the HTML response. The issue allows injection and execution of arbitrary JavaScript in a victim’s browser, ...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2024-45434)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
MySQL2 Security Vulnerability
MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...
CVE-2022-4092
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input...
ProfitCode Software PayProCart 3.0 - AdminShop MMActionComm Cross-Site Scripting
ProfitCode Software PayProCart 3.0 - AdminShop MMActionComm Cross-Site Scripting source: https://www.securityfocus.com/bid/13309/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacke...
YaBB YaBB.pl usersrecentposts Action username Parameter XSS
The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attack...
HRG007.txt
HRG - Hackerlounge Research Group Release: HRG007 Monday 03/01/05 427BB The author can't be held responsible for any damage done by a reader. You have your own responsibility. Please use this document like it's meant to. Vulnerable: 427BB Any Version --- General Information: 427BB is a simple board...
Maelstrom Server 3.0.x - Argument Buffer Overflow (3)
Maelstrom Server 3.0.x - Argument Buffer Overflow 3 // source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it ...