VYPR
Vendor

Socusoft

Products
5
CVEs
11
Across products
11
Status
Private

Products

5

Recent CVEs

11
  • CVE-2018-25376HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration…

  • CVE-2018-25375HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and…

  • CVE-2018-25373HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with…

  • CVE-2019-25689HigApr 12, 2026
    risk 0.55cvss 8.4epss 0.00

    HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help…

  • CVE-2020-37028HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a…

  • CVE-2017-12439HigAug 5, 2017
    risk 0.49cvss 7.5epss 0.01

    SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and…

  • CVE-2025-27005HigJan 22, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5.

  • CVE-2024-13156MedJan 14, 2025
    risk 0.35cvss 6.4epss 0.00

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-5522Jun 20, 2024
    risk 0.07cvss epss 0.03

    The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

  • CVE-2023-6485Jan 1, 2024
    risk 0.00cvss epss 0.01

    The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting…

  • CVE-2019-1010163Jul 24, 2019
    risk 0.00cvss epss 0.01

    Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library.…