130 matches found
Apache Tika < 1.1.8 - Header Command Injection
Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. i...
CVE-2026-1335
creationtimestamp | type | source
---|---|---
2026-02-16 16:30:17+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116081257121464468
2026-02-16 16:30:19+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3meyhwammwv2e
2026-02-16 22:35:37+00:00 | seen | ...
CVE-2003-1335
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory...
CVE-2025-1335
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-1335
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to...
CVE-2019-1335
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366...
CVE-2011-1335
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."...
Linux Distros Unpatched Vulnerability : CVE-2014-1335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service memory...
CVE-2025-1335
CmsEasy 7.7.7.9 contains a path traversal vulnerability in the deleteimg_action function of lib/admin/file_admin.php. Manipulating the imgname parameter enables traversal, and the issue is remotely exploitable with disclosure of the exploit. Multiple sources confirm the affected component and nat...
CVE-2025-1335 CmsEasy file_admin.php deleteimg_action path traversal
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been...
PT-2024-25715 · Jenkins · Jenkins Script Security Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1335.vf07d9ce377a e and earlier Description: A sandbox bypass issue allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execut...
Rocky Linux 8 : dnsmasq (RLSA-2024:1335)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1335 advisory. - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...
Oracle Linux 8 : dnsmasq (ELSA-2024-1335)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1335 advisory. 2.79-31.2 - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25628 - Resolves: RHEL-25666 2.79-31.1 - Do not crash on invalid domain in...
RHSA-2024:1335
creationtimestamp | type | source
---|---|---
2024-03-14 17:17:17+00:00 | seen | https://t.me/ctinow/207953...
CentOS 8 : dnsmasq (CESA-2024:1335)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:1335 advisory. - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...
RHEL 8 : dnsmasq (RHSA-2024:1335)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1335 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1335)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-1335
The ImageRecycle pdf & image compression WordPress plugin (