@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +140 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)

@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...

CVE-2026-32837

A flaw was found in miniaudio. An attacker can exploit a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser by processing a specially crafted WAV file. This vulnerability, caused by improper null-termination handling in the coding history field, allows for out-of-bounds reads...

[SECURITY] Fedora 42 Update: SDL2_sound-2.0.5^20260117git1be041b-1.fc42

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

WAV Fuzzer 1.0

This script is a fuzzer tool for WAV file processing programs that targets memory corruption vulnerabilities...

CVE-2026-20777

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

EUVD-2026-9291

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

EUVD-2018-6312

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-14394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service application crash caused by a divide-by-zero error with a user crafted...

Linux Distros Unpatched Vulnerability : CVE-2023-37417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple out-of-bounds write vulnerabilities exist in the VCD parsevaluechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead...

CVE-2024-11881

The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-6794

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions...

CVE-2024-11881

The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-11881 Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-11881 Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Easy Waveform Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

PT-2024-17318 · WordPress · Easy Waveform Player

Name of the Vulnerable Software and Affected Versions: Easy Waveform Player plugin for WordPress versions up to, and including, 1.2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode due to insufficient input sanitization and output...

WordPress Easy Waveform Player plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Easy Waveform Player versions = 1.2.0...

CVE-2024-6794

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions...

CVE-2024-6794

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions...

CVE-2024-6794

NI VeriStand Waveform Streaming Server is affected by CVE-2024-6794 due to a deserialization of untrusted data flaw that can lead to remote code execution when processing crafted messages. Affected products include NI VeriStand and versions up to and including 2024 Q2 (and prior). The vulnerabili...