Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-41565: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad TadTools - Reflected XSS

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.

CVE
Open in Source

Related news

CVE-2020-23878: Stack-buffer-overflow-XRef-fetch · Issue #45 · flexpaper/pdf2json

pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.

CVE-2020-23874: Poc/pdf2xml at master · Aurorainfinity/Poc

pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.

CVE-2020-23873: Poc/pdf2xml at master · Aurorainfinity/Poc

pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.

CVE-2020-23872: Poc/pdf2xml at master · Aurorainfinity/Poc

A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).

CVE-2020-23877: Stack-buffer-overflow-XRef-getObjectStream · Issue #15 · kermitt2/pdf2xml

pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.

CVE-2020-23876: Poc/pdf2xml at master · Aurorainfinity/Poc

pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.

Yellowfin Cross Site Scripting / Insecure Direct Object Reference

Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE