EUVD-2020-6522
Malware in sbrugna...
EUVD-2024-0528
Malicious code in bioql PyPI...
CVE-2025-36202
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...
CVE-2025-36202 IBM webMethods Integration code execution
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...
CVE-2025-52620
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format...
CVE-2025-52620 HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format...
CVE-2025-52620
CVE-2025-52620 affects HCL BigFix SaaS Authentication Service. The vulnerability is a Cross-Site Scripting (XSS) flaw arising from inadequate validation of submitted image formats in the image upload feature. Affected component is the image upload handling; root cause is insufficient validation l...
CVE-2025-54572
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
CVE-2019-0327
SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...
CVE-2023-6604 Ffmpeg: hls xbin demuxer dos amplification in ffmpeg
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation...
CVE-2023-6604
CVE-2023-6604 affects FFmpeg and is described across multiple connected sources as a flaw where demuxing arbitrary data as XBIN-formatted data can cause unexpected CPU load or storage consumption, leading to degraded performance or DoS. The Debian LTS advisory (DLA-4241-1) and related Nessus entr...
CVE-2023-6604
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation...
AZL-49187 CVE-2024-45026 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices. Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_format function checks for...
CVE-2024-37032
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring...
nuclei_poc
Nuclei POCs Nuclei POCs, updated daily Chinesehttps://git...
CVE-2024-27087
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...
Code injection
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...
CVE-2024-27087
Kirby 4 introduces a link field with a Custom type that can accept javascript: URLs. This leads to cross-site scripting (XSS) when unvalidated Custom links are rendered and clicked by users. The vulnerability stems from insufficient sanitization/validation of Custom links, enabling arbitrary Java...
Hyperledger Aries Cloud Agent Python Data Forgery Issue Vulnerability
Hyperledger Aries Cloud Agent Python is a tool for building the foundation of decentralized identity applications and services that run in non-mobile environments. A data forgery issue vulnerability exists in Hyperledger Aries Cloud Agent Python versions prior to 0.7.0, which stems from a data...