Lucene search
K

769 matches found

CNNVD
CNNVD
added 2025/06/06 12:0 a.m.2 views

QNAP Qsync Central 格式化字符串错误漏洞

QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology QNAP. A Formatting String Error vulnerability exists in QNAP Qsync Central, which originates from an externally controlled formatting string and could allow a remote attacker to obta...

8.1CVSS6.8AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 2025/05/29 10:15 a.m.10 views

CVE-2025-48388

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols \r, \n,...

7CVSS0.00333EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/29 12:0 a.m.4 views

FreeScout 注入漏洞

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a string formatting vulnerability that stems from insufficient validati...

7CVSS6.8AI score0.00333EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.27 views

CVE-2023-31045

A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...

4.8CVSS5.5AI score0.00536EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.1 views

CVE-2023-22910

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...

5.4CVSS6.5AI score0.00516EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.6 views

CVE-2022-29269

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address...

6.5CVSS6.6AI score0.03053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.7 views

CVE-2019-17427

In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors...

6.1CVSS5.9AI score0.01598EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:0 a.m.6 views

CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...

5.3CVSS6.8AI score0.00809EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:15 a.m.10 views

CVE-2005-2517

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site...

2.6CVSS6.8AI score0.01061EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.1 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor from jqlang open source. A security vulnerability exists in jq 1.7.1 and earlier versions, which stems from a heap buffer overflow in the jvstringvfmt function...

8.7CVSS6.8AI score0.00443EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.5 views

PT-2025-23148 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178 Description: The issue is related to insufficient validation of user-supplied data, which is used as arguments to string formatting functions. This allows an attacker to pass a string containing special...

8CVSS6.1AI score0.00333EPSS
Exploits1References15
Hacker One
Hacker One
added 2025/03/25 3:38 p.m.319 views

AWS VDP: Bedrock Guardrails Evasion with Prompt Formatting

Description Greetings, my name is ██████ and I am a Director here at NR Labs. We recently completed disclosure of this vulnerability by working with ████ and the AWS Security team. We are submitting this issue to the AWS VDP to create an official record of the issue with AWS in preparation for a...

6.6AI score
Exploits0
SUSE Linux
SUSE Linux
added 2025/03/19 10:36 a.m.1 views

Security update for orc

This update for orc fixes the following issues: CVE-2024-40897: Fixed a stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files bsc1228184 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

7CVSS7.8AI score0.00379EPSS
Exploits0References4
OSV
OSV
added 2025/03/19 10:36 a.m.2 views

SUSE-SU-2025:20152-1 Security update for orc

This update for orc fixes the following issues: - CVE-2024-40897: Fixed a stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files bsc1228184...

7CVSS7.7AI score0.00379EPSS
Exploits0References3
Drupal
Drupal
added 2025/03/19 12:0 a.m.14 views

Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024

This module adds a formatter for link fields that displays the current entity with another view mode inside the link. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal core has been released bu...

6.1CVSS6.6AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.4 views

Fortinet FortiOS 格式化字符串错误漏洞

Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform from the American company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam. A...

7.2CVSS6.6AI score0.00679EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/09 12:0 a.m.26 views

Apache Camel 安全漏洞

Apache Camel is the United States Apache Apache Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern Java objects POJO implementation , and throug...

5.6CVSS7.4AI score0.79817EPSS
Exploits3References9
OSV
OSV
added 2025/02/26 7:1 a.m.1 views

UBUNTU-CVE-2022-49674

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is defined by the number of raid metadata and ima...

7.1CVSS6.2AI score0.00277EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/02/06 4:10 a.m.8 views

CVE-2021-40415

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. In cgicheckability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the...

7.1CVSS6.8AI score0.00807EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/06 1:20 a.m.17 views

CVE-2022-21590

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: Core Formatting API. Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

7.6CVSS6.8AI score0.00645EPSS
Exploits0References1
Rows per page
Query Builder