Lucene search

102 matches found

NVD
added 2025/03/28 1:15 p.m. | 5 views

CVE-2024-7407

Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how passwords are...

CVSS 8.2 | EPSS 0.00341
Exploits: 0 | References: 2

Cvelist
added 2025/03/19 5:49 a.m. | 8 views

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to read limited files via unspecified vectors...

CVSS 5.3 | EPSS 0.02935
Exploits: 0 | References: 2

CVE
added 2025/03/19 5:49 a.m. | 53 views

CVE-2024-50629

Summary: CVE-2024-50629 affects Synology BeeStation OS (BSM) and DiskStation Manager (DSM). The vulnerability is in the webapi component and arises from improper encoding or escaping of output, allowing remote attackers to read limited files via unspecified vectors. Affected products/versions inc...

CVSS 5.3 | AI score 5.6 | EPSS 0.02935
Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2025/03/19 2:15 a.m. | 8 views

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8 | EPSS 0.01893
Exploits: 1 | References: 2

Vulnrichment
added 2025/03/19 2:9 a.m. | 20 views

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8 | AI score 9.8 | EPSS 0.01893
Exploits: 1 | References: 2

CVE
added 2025/03/17 3:5 p.m. | 49 views

CVE-2025-1774

CVE-2025-1774 is a string-encoding vulnerability in NASK - PIB BotSense where an additional field separator character or value can be injected into generated events’ extraData. Affected versions are BotSense before 2.8.0. Root cause: incorrect string encoding that allows extra separators/values t...

CVSS 6.3 | AI score 7.3 | EPSS 0.00163
Exploits: 0 | References: 3

Cvelist
added 2024/12/06 4:36 p.m. | 10 views

CVE-2024-48866 QTS, QuTS hero

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into an unexpected state. We have already fixed the vulnerability in the following...

CVSS 2.3 | EPSS 0.00646
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/06 4:36 p.m. | 13 views

CVE-2024-48866 QTS, QuTS hero

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into an unexpected state. We have already fixed the vulnerability in the following...

CVSS 2.3 | AI score 7 | EPSS 0.00646
Exploits: 0 | References: 1

OSV
added 2024/07/01 7:15 p.m. | 52 views

CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 8.1 | AI score 6.7
Exploits: 0 | References: 3

Cvelist
added 2024/05/22 5:42 p.m. | 15 views

CVE-2024-31617

OpenLiteSpeed before 1.8.1 mishandles chunked encoding...

AI score 6.6 | EPSS 0.00135
Exploits: 0 | References: 1

OSV
added 2023/12/04 8:28 a.m. | 8 views

MGASA-2023-0338 Updated libvpx packages fix a security vulnerability

The updated packages fix a security vulnerability: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding (CVE-2023-44488)...

CVSS 7.5 | AI score 8.5 | EPSS 0.01446
Exploits: 0 | References: 3

Vulnrichment
added 2023/10/17 12:35 p.m. | 16 views

CVE-2023-43776 Weak encoding vulnerability in easyE4

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card .PRG file ending...

CVSS 6.8 | AI score 7 | EPSS 0.00028
Exploits: 0 | References: 1

Vulnrichment
added 2023/06/02 12:0 a.m. | 5 views

CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

AI score 6.4 | EPSS 0.00153
Exploits: 0 | References: 4

Prion
added 2022/08/10 8:15 p.m. | 18 views

Code injection

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

CVSS 5 | AI score 7.5 | EPSS 0.0013
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/06/06 8:15 p.m. | 1 views

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active...

CVSS 4.7 | AI score 5.8 | EPSS 0.00149
Exploits: 0 | References: 2

OSV
added 2021/12/07 5:15 p.m. | 0 views

CVE-2021-37085

There is an Encoding timing vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service...

CVSS 5.9 | AI score 6.2
Exploits: 0 | References: 1

vulnersOsv
added 2021/12/05 12:0 p.m. | 5 views

PMXUtil (>=0.1.0 <=0.7.0), a-gpt (>=0.1.0 <=0.4.0) +810 more potentially affected by unknown CVE via encoding (=0.2.33)

encoding CARGO version =0.2.33 is affected by a known vulnerability. The following packages have a transitive dependency on encoding and may be impacted: - PMXUtil =0.1.0, =0.1.0, =0.1.7, =0.2.1, =0.1.1, =0.8.0, =0.3.0, =0.1.3, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves:...

AI score 5.8
Exploits: 0

OSV
added 2021/06/09 2:15 p.m. | 1 views

CVE-2021-33665

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability...

CVSS 5.4 | AI score 6.3
Exploits: 0 | References: 2

OSV
added 2021/05/13 3:15 p.m. | 1 views

DEBIAN-CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 7.8 | AI score 7 | EPSS 0.00302
Exploits: 0 | References: 1

AlpineLinux
added 2021/03/10 11:54 p.m. | 63 views

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

CVSS 7.5 | AI score 7.7 | EPSS 0.00025
Exploits: 0