172 matches found
CVE-2022-41713
deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
CVE-2022-42750
CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...
CVE-2022-42744
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2025-2586
OpenShift Lightspeed Service is affected by unauthenticated API request flooding that can exhaust resources and cause service degradation or unavailability. The vulnerability arises from repeated queries to non-existent endpoints (for example, /api/v1/nonexistent), inflating metrics storage/proce...
CVE-2024-10603
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...
UBUNTU-CVE-2024-10603
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...
CVE-2024-10603
CVE-2024-10603 concerns weaknesses in the generation of TCP/UDP source ports and some other header values in Google’s gVisor that could allow an external attacker to predict them in certain circumstances. The connected Nessus, OSV, NVD, and vendor advisories consistently reference gVisor-related ...
CVE-2024-10603
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...
CVE-2024-10603
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...
CVE-2024-10603
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...
PT-2025-1598 · Google · Gvisor
Name of the Vulnerable Software and Affected Versions: gVisor affected versions not specified Description: The issue concerns weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor. This allowed an external attacker to predict these values in certain...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
DEBIAN-CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
Authorization Bypass
directus is vulnerable to Authorization Bypass. The vulnerability is caused due to a missing validation for the user parameter in the PATCH requests for the end point /presets. This allows an authenticated external attacker to modify presets created by the same user to assign them to another user...
CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...