| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). |
| Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend |
| Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. |
| Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. |
| Out-of-bounds Read in vim/vim prior to 8.2. |
| Heap-based Buffer Overflow in vim/vim prior to 8.2. |
| A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. |
| The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce) |
| The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog |
| vim is vulnerable to Heap-based Buffer Overflow |
| Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. |
| radare2 is vulnerable to Out-of-bounds Read |
| vim is vulnerable to Heap-based Buffer Overflow |
