
15 matches found

Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1964

Name of the Vulnerable Software and Affected Versions: MediaWiki - VisualData Extension version 1.45. Description: An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...

CVSS 5.3, AI score 6.3, EPSS 0.00069
Exploits 1, References 8
Cvelist
added 2024/07/23 2:49 p.m., 13 views

CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

CVSS 7.5, EPSS 0.00111
Exploits 0, References 3
RedHat Linux
added 2023/11/07 8:51 a.m., 2 views

curl: TELNET option IAC injection

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol that may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

CVSS 9.8, AI score 7.5, EPSS 0.00179
Exploits 1, References 5
CNVD
added 2020/02/18 12:0 a.m., 3 views

Taffy has an unspecified vulnerability

Taffy is a data selection engine that supports insertion, updating and statistics. A security vulnerability exists in taffy 2.6.2 and earlier versions. An attacker can exploit the vulnerability to access arbitrary data entries in the DB with the help of user input with redundant attributes...

CVSS 7.5, AI score 6.9, EPSS 0.00394
Exploits 1, References 1
OSV
added 2020/01/15 9:15 p.m., 2 views

CVE-2019-15010

Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before...

CVSS 8.8, AI score 7.6, EPSS 0.01955
Exploits 0, References 1
OSV
added 2018/06/07 2:29 a.m., 11 views

CVE-2017-16116

The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods...

CVSS 7.5, AI score 7.6
Exploits 0, References 2
Prion
added 2018/06/05 2:29 p.m., 13 views

Privilege escalation

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input...

CVSS 7.2, AI score 7.5, EPSS 0.00023
Exploits 0, References 2, Affected Software 1
NVD
added 2018/06/05 2:29 p.m., 6 views

CVE-2018-6662

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input...

CVSS 7.8, AI score 7.5, EPSS 0.00023
Exploits 0, References 2
NVD
added 2018/05/25 1:29 p.m., 10 views

CVE-2017-3961

Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes...

CVSS 5.4, AI score 4.3, EPSS 0.00338
Exploits 0, References 1
Cisco
added 2018/02/07 4:0 p.m., 39 views

Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability

A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell...

CVSS 4.4, AI score 1.8, EPSS 0.00078
Exploits 0, References 1
Cisco
added 2017/08/16 4:0 p.m., 16 views

Cisco Policy Suite Privilege Escalation Vulnerability

A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...

CVSS 5.3, AI score 5.5, EPSS 0.00051
Exploits 0, References 1
Prion
added 2017/05/18 7:29 p.m., 11 views

Code injection

A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file...

CVSS 7.2, AI score 7.8, EPSS 0.0003
Exploits 0, References 2, Affected Software 1
Cvelist
added 2017/03/15 8:0 p.m., 12 views

CVE-2017-3819

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The...

AI score 9.1, EPSS 0.00638
Exploits 0, References 3
NVD
added 2017/03/14 10:59 p.m., 12 views

CVE-2016-8017

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...

CVSS 4.1, AI score 3.5, EPSS 0.14314
Exploits 4, References 4
Cvelist
added 2017/03/14 10:0 p.m., 17 views

CVE-2016-8017

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...

AI score 5, EPSS 0.14314
Exploits 4, References 4