5567 matches found
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling
A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...
CVE-2025-59600
Memory Corruption when adding user-supplied data without checking available buffer space...
CVE-2025-59600
Memory Corruption when adding user-supplied data without checking available buffer space...
CVE-2025-59600 Buffer Over-read in Graphics
Memory Corruption when adding user-supplied data without checking available buffer space...
EUVD-2025-208194
Memory Corruption when adding user-supplied data without checking available buffer space...
CVE-2025-59600
Memory Corruption when adding user-supplied data without checking available buffer space...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14288)
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the urlfilter.cgi endpoint in the REDIRECTPAGE or CHILDREN parameter on the user-supplied data lack of effective filterin...
PT-2026-22650
Name of the Vulnerable Software and Affected Versions versions prior to 2025 Description A memory corruption issue exists due to the addition of user-supplied data without proper buffer space validation. This can lead to unexpected behavior or potentially allow an attacker to control program...
CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
WordPress Gotham Block Extra Light plugin cross-site scripting vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. The WordPress Gotham Block Extra Light plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
CVE-2019-11574
An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...
Soda PDF Desktop Out-of-Bounds Read Vulnerability
Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop has an out-of-bounds read vulnerability that stems from a lack of validation of user-supplied data when parsing PDF files, which can be...
WordPress iframe plugin cross-site scripting vulnerability
The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress Captivate Sync plugin deserialization vulnerability
WordPress Captivate Sync plugin is a WordPress plugin developed by Captivate, which belongs to RebelBaseMedia's products and is mainly used to simplify the Podcast management process. WordPress Captivate Sync plugin suffers from a deserialization vulnerability that stems from unsafe deserializati...
EUVD-2016-1401
Malware in sbrugna...
EUVD-2020-20841
Malware in sbrugna...
EUVD-2017-15016
Malware in sbrugna...
EUVD-2012-6567
Malware in sbrugna...
EUVD-2017-15961
Malware in sbrugna...