10 matches found
CVE-2026-28274
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting (XSS) in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...
CVE-2026-25156
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...
CVE-2025-10859 Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1...
Cacti Access Control Error Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data through snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. An Access Control Error vulnerability exists in Cacti versions prior to...
SUSE CVE-2016-1974
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTM...
Microsoft Windows MSHTML Engine - (Edit) Remote Code Execution Exploit
Exploit for windows platform in category local exploits Exploit Title: Microsoft Windows CVE-2019-0541 MSHTML Engine "Edit" Remote Code Execution Vulnerability Google Dork: N/A Date: March, 13 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link:...
Microsoft Windows MSHTML Engine - Edit Remote Code Execution
Microsoft Windows MSHTML Engine - Edit Remote Code Execution Exploit Title: Microsoft Windows CVE-2019-0541 MSHTML Engine "Edit" Remote Code Execution Vulnerability Google Dork: N/A Date: March, 13 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link:...
DEBIAN-CVE-2016-1974
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTM...
Microsoft Office Document Conversions Launcher Detection
Microsoft Office Document Conversions Launcher is running on this port. This service is installed by Microsoft SharePoint Server and allows for Office Documents to be converted into web documents for use in SharePoint server. (C) Tenable Network Security, Inc...
Internet Explorer CSS clip attribute memory corruption
Added: 11/16/2010. CVE: CVE-2010-3962. BID: 44536. OSVDB: 68987. Background: Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents. Problem: A memory corruption vulnerability allows command execution when a user loads a web page containing a CSS clip attribute with a specif...