Lucene search
K

12 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-12590

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS6AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-12590 body-parser vulnerable to denial of service when invalid limit value silently disables size enforcement

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS
Exploits0References2
Circl
Circl
added 2025/11/11 5:33 a.m.21 views

CVE-2025-12590

creationtimestamp| type| source ---|---|--- 2025-11-11 05:33:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5dfyesz7s2q...

6.1CVSS5.7AI score0.00126EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/10 10:33 p.m.6 views

WordPress YSlider plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin YSlider versions = 1.1...

6.1CVSS5.6AI score0.00126EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.5 views

CVE-2024-12590

The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

6.4CVSS5.8AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2025/01/07 4:15 a.m.6 views

CVE-2024-12590

The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

6.4CVSS0.00265EPSS
Exploits0References2
Circl
Circl
added 2025/01/07 3:37 a.m.4 views

CVE-2024-12590

creationtimestamp| type| source ---|---|--- 2025-01-07 03:37:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/296 2025-01-07 04:13:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113785123354135342 2025-01-07 04:16:02+00:00| seen|...

6.4CVSS8.7AI score0.00265EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/07/13 12:0 a.m.45 views

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-12590)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12590 advisory. 5.4.17-2136.321.4.el7 - tick/common: Align tick period during schedtimer setup Thomas Gleixner Orabug: 35520079 - net/rds: Fix endless rdssendxmit loo...

7.8CVSS7.3AI score0.05451EPSS
Exploits10References3
NVD
NVD
added 2022/12/30 10:15 p.m.13 views

CVE-2020-12590

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

Exploits0
CVE
CVE
added 2018/06/20 12:0 p.m.47 views

CVE-2018-12590

Affected product / version: Ubiquiti Networks EdgeSwitch 1.7.3 and earlier. Vulnerability: externally controlled format-string in the admin CLI due to lack of protection, enabling code execution and privilege escalation beyond what admins can do. Impact: attacker with access to an admin account c...

9CVSS7.6AI score0.0167EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/03/16 2:4 p.m.39 views

CVE-2017-12590

Summary: CVE-2017-12590 affects ASUS RT-N14UHP routers. A reflected Cross-Site Scripting (XSS) flaw exists in the "flag" parameter of the web interface, exploitable via crafted input. Affected product version range is before 3.0.0.4.380.8015 . The root cause is a lack of proper input handling lea...

6.1CVSS6AI score0.00675EPSS
Exploits1References1Affected Software1
Circl
Circl
added 2010/05/13 12:0 a.m.6 views

CVE-2010-2044

creationtimestamp| type| source ---|---|--- 2010-05-13 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/12590...

7.5CVSS5.8AI score0.01151EPSS
Exploits1References1
Rows per page
Query Builder