HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2018-14882

Dec 3, 2025 20:31:48 UTC

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

CVE-2018-16151

Dec 3, 2025 20:26:00 UTC

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature ...

CVE-2018-16152

Dec 3, 2025 20:24:34 UTC

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 si...

CVE-2024-1647

Dec 3, 2025 20:21:55 UTC

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

CVE-2024-1648

Dec 3, 2025 20:19:12 UTC

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

CVE-2025-64527

Dec 3, 2025 20:18:19 UTC

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tok...

CVE-2023-4316

Dec 3, 2025 20:17:51 UTC

Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails.

CVE-2023-0842

Dec 3, 2025 20:14:55 UTC

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

CVE-2023-0835

Dec 3, 2025 20:12:39 UTC

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.

CVE-2022-43984

Dec 3, 2025 20:10:14 UTC

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html...

CVE-2022-41713

Dec 3, 2025 20:08:02 UTC

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edit...

CVE-2022-41706

Dec 3, 2025 20:06:46 UTC

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

CVE-2018-16228

Dec 3, 2025 20:05:56 UTC

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

CVE-2022-43983

Dec 3, 2025 20:05:20 UTC

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's ...

CVE-2025-50361

Dec 3, 2025 20:05:18 UTC

Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.

Page: 37