Lucene search
+L

183 matches found

Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.4 views

CVE-2020-36889 Kentico Xperience <= 12.0.90 Administration Interface Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...

5.4CVSS5.8AI score0.00185EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-20053

Malware in sbrugna...

6.5CVSS6.5AI score0.00823EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1710

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00845EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:20 a.m.4 views

libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.

...

6.5CVSS7AI score0.00823EPSS
Exploits0
OSV
OSV
added 2025/08/14 1:15 p.m.5 views

DEBIAN-CVE-2025-8715

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

8.8CVSS7.2AI score0.00412EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/14 1:0 p.m.3 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...

8.8CVSS7.5AI score0.00412EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/14 1:0 p.m.5 views

CVE-2025-8715

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

8.8CVSS8.7AI score0.00412EPSS
Exploits0
Snyk
Snyk
added 2025/08/12 9:40 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...

6.3CVSS7AI score0.00541EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/12 9:40 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting...

6.3CVSS6.9AI score0.00541EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.8 views

CVE-2023-34624

An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

7.5CVSS6.7AI score0.01048EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.8 views

CVE-2023-34613

An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

7.5CVSS6.8AI score0.00845EPSS
Exploits1
Cvelist
Cvelist
added 2024/09/23 2:16 p.m.25 views

CVE-2024-23934 Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target...

8.8CVSS0.00986EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/09/19 6:12 p.m.2 views

jackson-databind: denial of service via cylic dependencies

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS6.8AI score0.00352EPSS
Exploits0References4
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.40 views

Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

6.8CVSS6.9AI score0.03807EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/03/22 4:56 p.m.38 views

Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder

Summary Symfony 1 has a gadget chain due to dangerous unserialize in sfNamespacedParameterHolder class that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will...

9.8CVSS9.9AI score0.01534EPSS
Exploits1References3Affected Software1
Amazon
Amazon
added 2024/02/19 12:0 a.m.20 views

Medium: jtidy

Issue Overview: An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. CVE-2023-34623 Affected Packages: jtidy Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...

7.5CVSS7.5AI score0.00866EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/02/12 10:27 a.m.6 views

jackson-databind: denial of service via cylic dependencies

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS6.8AI score0.00352EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2024/01/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2019-15642

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it...

8.8CVSS7.4AI score0.38038EPSS
Exploits4References1
BDU FSTEC
BDU FSTEC
added 2023/11/14 12:0 a.m.10 views

The vulnerability in the elf.c component of the GNU Binutils development environment allows a hacker to trigger a service failure.

The vulnerability of the elf.c component in the GNU Binutils development environment is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to cause a service failure using a specially created object file...

7.8CVSS6.8AI score0.01289EPSS
Exploits0References5Affected Software2
SUSE CVE
SUSE CVE
added 2023/06/16 1:16 a.m.3 views

SUSE CVE-2023-34623

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

5.9CVSS7AI score0.00866EPSS
Exploits1References6
Rows per page
Query Builder