Lucene search
+L

12 matches found

Cvelist
Cvelist
added 2026/07/01 7:53 a.m.39 views

CVE-2026-13733 Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 8:22 p.m.30 views

CVE-2026-48770 Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS0.00258EPSS
Exploits2References2
OSV
OSV
added 2026/06/26 8:22 p.m.3 views

CVE-2026-48770 Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS6.1AI score0.00258EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/06/25 6:14 p.m.36 views

CVE-2026-56790 CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

7.3CVSS0.00215EPSS
Exploits0References4
OSV
OSV
added 2025/09/16 4:23 p.m.6 views

CVE-2025-59050 Greenshot — Insecure .NET deserialization via WM_COPYDATA enables local code execution

Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WMCOPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigge...

8.4CVSS7.3AI score0.00274EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.3 views

Schneider Electric IGSS Data Server 缓冲区错误漏洞

The Schneider Electric Igss Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. A buffer overflow vulnerability exists in Schneider Electric IGSS Data Server versions prior to 15.0.0.22140, which stems from a boundary error when processing...

9.8CVSS6.7AI score0.01258EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/09 12:0 a.m.3 views

CVE-2021-38910

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID:...

5.3CVSS6AI score0.01102EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/01/03 12:0 a.m.4 views

Schneider Electric Modicon M580 Has Denial of Service Vulnerability

The Schneider Electric Modicon M580 is an Ethernet programmable controller. A denial of service vulnerability exists in the Schneider Electric Modicon M580, which can be exploited by an attacker to cause a denial of service by sending a carefully constructed 0x28 function code data message...

7AI score
Exploits0
CNVD
CNVD
added 2019/11/27 12:0 a.m.5 views

Denial of Service Vulnerability in H3C S5000PV3-EI Series Ethernet Switches

H3C S5000PV3-EI series Ethernet switch is a new generation of high-performance full Gigabit managed switch for small and medium-sized business market SMB market based on industry-leading comware V7 platform, which supports IRF2 stacking, and provides complete security access policy and stronger...

6.8AI score
Exploits0
CNVD
CNVD
added 2019/11/25 12:0 a.m.3 views

Denial of Service Vulnerability in ZXR10 1800-2S

The ZXR10 1800-2S is a router product from China's ZTE Corporation ZTE. A denial of service vulnerability exists in the ZXR10 1800-2S, which can be exploited by an attacker to cause a denial of service by constructing a special data message...

6.8AI score
Exploits0
CNVD
CNVD
added 2019/09/24 12:0 a.m.3 views

TP-LINK TL-WR703N Router Has Denial of Service Vulnerability

The TP-LINK TL-WR703N is a mini wireless router from China's TP-Link. A denial of service vulnerability exists in the TP-LINK TL-WR703N router, where an attacker can cause a denial of HTTP service response by constructing a special data message to be sent to the router's WAN port IP address witho...

6.7AI score
Exploits0
CNVD
CNVD
added 2019/08/21 12:0 a.m.9 views

Siemens SIMATIC S7-300 PLC suffers from a denial of service vulnerability.

The Siemens SIMATIC S7-300 is a modular general-purpose controller from Siemens for the manufacturing industry. A denial of service vulnerability exists in the Siemens SIMATIC S7-300 PLC. An attacker can cause the HTTP service to refuse to respond by constructing a special data message...

6.8AI score
Exploits0
Rows per page
Query Builder