CVE-2016-15049
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...
CVE-2018-25122
Nagios XI
EUVD-2025-36734
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
Seeyon Zhiyuan OA Web Application System security vulnerability
Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA Web Application System 7.0 SP1 and prior versions, which stems from improper encoding and parsing of parameters in thirdpartyController.do, whic...
PT-2025-44537
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...
CVE-2025-58185
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
CVE-2025-58185
CVE-2025-58185 concerns Go’s encoding/asn1 DER payload parsing. The advisory notes that memory can be exhausted when big, unvalidated DER payloads are parsed, affecting functions such as asn1.Unmarshal, x509.ParseCertificateRequest, and ocsp.ParseResponse. This memory-allocation issue arises befo...
CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
CVE-2025-61723
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
GO-2025-4011 Parsing DER payload can cause memory exhaustion in encoding/asn1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
Allocation of Resources Without Limits or Throttling
Overview: std/encoding/asn1 is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causin...
Allocation of Resources Without Limits or Throttling
Overview: std/encoding/pem is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The processing time for parsing some invalid inputs scales non-linearly with respect to th...
CVE-2025-34305
IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...
CLSA-2025-1761744708 git: Fix of CVE-2024-50349
CVE-2024-50349: fix issue where URLs can obfuscate the host asking for credentials, by using strbuf_add_percentencode to sanitise the host name and port...
Exploit for CVE-2020-14882
🌐 CVE-2020-14882 — Oracle WebLogic Server Remote Code Execut...
Google Go encoding security vulnerability
Google Go encoding is a code library from Google, Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in Google Go encoding that stems from an interface conversion error when validating a certificate chain containing a DSA public key,...
Google Go encoding security vulnerability
Google Go encoding is a code library from Google, Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in Google Go encoding that stems from a non-linear correlation between processing time and input size when parsing certain invalid...
Google Go security vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the possibility of allocating a large amount of memory when parsing a specially crafted DER payload, leading to...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SharpShowTextField component when rendering user-supplied input containing Vue template syntax. An attacker can execute arbitrary JavaScript or inject malicious HTML by submitting specially crafted...