5590 matches found
Jenkins build-metrics 1.3 - Cross-Site Scripting
Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...
WordPress Admin Word Count Column 2.2 - Local File Inclusion
The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...
CVE-2026-39437 WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...
CVE-2026-6047
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...
EUVD-2026-36737
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...
CVE-2026-6047
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...
UBUNTU-CVE-2026-6047
LibreOffice can import documents in the OOXML format DOCX. A heap bu...
OESA-2026-2614 catdoc security update
catdoc is program which reads one or more Microsoft word files and outputs text, contained insinde them to standard output. Therefore it does same work for.doc files, as unix cat command for plain ASCII files. It is now accompanied by xls2csv - program which converts Excel spreadsheet into...
EUVD-2026-36412
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...
CVE-2026-45466
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
CVE-2026-45643
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45486
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45471
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45457
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-45560 Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...
EUVD-2026-35690
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
EUVD-2026-35652
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
EUVD-2026-35649
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
EUVD-2026-35672
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
EUVD-2026-35540
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...