12 matches found
CVE-2026-12590
Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...
CVE-2026-12590 body-parser vulnerable to denial of service when invalid limit value silently disables size enforcement
Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...
CVE-2025-12590
creationtimestamp| type| source ---|---|--- 2025-11-11 05:33:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5dfyesz7s2q...
WordPress YSlider plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin YSlider versions = 1.1...
CVE-2024-12590
The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-12590
The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-12590
creationtimestamp| type| source ---|---|--- 2025-01-07 03:37:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/296 2025-01-07 04:13:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113785123354135342 2025-01-07 04:16:02+00:00| seen|...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-12590)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12590 advisory. 5.4.17-2136.321.4.el7 - tick/common: Align tick period during schedtimer setup Thomas Gleixner Orabug: 35520079 - net/rds: Fix endless rdssendxmit loo...
CVE-2020-12590
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
CVE-2018-12590
Affected product / version: Ubiquiti Networks EdgeSwitch 1.7.3 and earlier. Vulnerability: externally controlled format-string in the admin CLI due to lack of protection, enabling code execution and privilege escalation beyond what admins can do. Impact: attacker with access to an admin account c...
CVE-2017-12590
Summary: CVE-2017-12590 affects ASUS RT-N14UHP routers. A reflected Cross-Site Scripting (XSS) flaw exists in the "flag" parameter of the web interface, exploitable via crafted input. Affected product version range is before 3.0.0.4.380.8015 . The root cause is a lack of proper input handling lea...
CVE-2010-2044
creationtimestamp| type| source ---|---|--- 2010-05-13 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/12590...