13 matches found
EUVD-2026-27865
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...
CVE-2026-21661
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...
CVE-2026-26097
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26099
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26099
Owl opds 2.2.0.4 contains an Uncontrolled Search Path Element vulnerability. The issue allows manipulating configuration file search paths via a crafted network request, indicating potential impact on confidentiality, integrity, and availability as described by the CVSS metrics (base score 8.4, H...
CVE-2026-26098 Uncontrolled Search Path Element in Owl opds
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
Owl Cyber Defense OPDS 代码问题漏洞
Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a code vulnerability; this vulnerability stems from an uncontrolled search path element, which may lead to the exploitation of t...
EUVD-2025-17643
Malicious code in bioql PyPI...
EUVD-2023-38471
Malicious code in bioql PyPI...
CVE-2025-3117
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3117
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3117
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
CVE-2025-3117
CVE-2025-3117 affects Schneider Electric Modicon Controllers (M241/M251/M258/LMC058/M262). The vulnerability is a Cross-Site Scripting (CWE-79) caused by improper neutralization of input during web page generation, allowing an authenticated malicious user to inject unvalidated data that could mod...