18 matches found
CVE-2026-34973
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string via escape to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string does not escape SQL LIKE...
CVE-2026-34973 phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string via escape to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string does not escape SQL LIKE...
CVE-2026-34973
creationtimestamp| type| source
---|---|---
2026-03-31 17:22:54+00:00| published-proof-of-concept| https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x
2026-03-31 17:22:54+00:00| published-proof-of-concept|...
MAL-2025-34973 Malicious code in test-mlw2-bluer-xenon (npm)
The package test-mlw2-bluer-xenon was found to contain malicious code...
CVE-2022-34973
D-Link DIR820LA1FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp...
Qnap QTS Insufficient Entropy (CVE-2023-34973)
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and...
CVE-2021-34973
Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must vis...
QNAP QuTS hero Multiple Vulnerabilities (QSA-23-58, QSA-23-59)
QNAP QuTS hero is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutshero"; ifdescriptio...
QNAP QTS Multiple Vulnerabilities (QSA-23-58, QSA-23-59)
QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...
CVE-2023-34973
creationtimestamp| type| source
---|---|---
2023-08-24 20:12:59+00:00| seen| https://t.me/cibsecurity/69123...
CVE-2023-34973
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and...
CVE-2023-34973 QTS, QuTS hero
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and...
CVE-2023-34973
CVE-2023-34973 affects QNAP QTS and QuTS hero (h5.x). The issue is described as an insufficient entropy vulnerability that could allow remote users to predict a secret via unspecified vectors. Fixed in QTS 5.0.1.2425 build 20230609 and later, QTS 5.1.0.2444 build 20230629 and later, and QuTS hero...
CVE-2023-34973 QTS, QuTS hero
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and...
CVE-2022-34973
creationtimestamp| type| source
---|---|---
2022-08-03 18:18:48+00:00| seen| https://t.me/cibsecurity/47494...
CVE-2022-34973
CVE-2022-34973 affects D-Link DIR-820L family (e.g., DIR820LA1) with firmware FW106B02 and earlier. Root cause: a buffer overflow in the ping.ccp component triggered by the nextPage parameter, enabling a potential remote DoS. CVSS indicates NETWORK access, Low attack complexity, no privileges or ...
CVE-2025-34973
...
CVE-2025-34973
This CVE ID is rejected/not used and does not represent an active vulnerability entry.