132 matches found
Atlassian Jira Service Management Data Center and Server 5.11.3 < 5.12.20 / < 5.12.22 / 5.13.x < 10.3.5 / 10.4.x < 10.6.0 (JSDSERVER-16207)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16207 advisory. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...
CVE-2022-2844
A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvcid=1doaction=mvparse=datafeed=1index=1=adddetails=2 of the component Calendar Handler. The manipulation of the argument...
CVE-2021-4253
A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument siteid leads to cross site scripting. It is possible to launch the attack remotely. The nam...
Unauthorized State Modification
reflex is vulnerable to Unauthorized State Modification. The vulnerability is due to improper access control and event handler, including private and non-client-side fields, that allows an attacker to modify arbitrary state fields, including private ones, if their names are guessed...
Security Bulletin: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970.
Summary IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network...
CVE-2025-4269 TOTOLINK A720R Log cstecgi.cgi access control
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog...
CVE-2025-3962
A vulnerability classified as problematic was found in withstars Books-Management-System 1.0. This vulnerability affects unknown code of the file /api/comment/add of the component Comment Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated...
CVE-2025-3801
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...
CVE-2025-2349 IROAD Dash Cam FX2 Password Hash passwd weak password hash
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...
CVE-2025-1949 ZZCMS URL register_nodb.php cross site scripting
A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenterapi/code/registernodb.php of the component URL Handler. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...
PT-2025-9187 · Eastnets · Eastnets Paymentsafe
Name of the Vulnerable Software and Affected Versions: Eastnets PaymentSafe version 2.5.26.0 Description: A problem has been found in Eastnets PaymentSafe, affecting some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
CVE-2023-37023
Open5GS MME versions = 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MMEUES1APID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service...
CVE-2023-37023
Open5GS MME versions = 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MMEUES1APID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service...
The vulnerability of the New Process Group Handler component in the Apache NiFi data processing platform allows a hacker to gain unauthorized access to read, modify, or delete data.
The vulnerability of the New Process Group Handler component in the Apache NiFi data processing platform is related to the improper use of intermediaries. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to read, modify, or delete data...
CVE-2024-13140
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=uploadcover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launc...
(0Day) Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the customhandler method. The issue results from the lack of...
CVE-2024-12661 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E024 null pointer dereference
A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack need...
CVE-2024-12658 IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E01C null pointer dereference
A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required t...
CVE-2024-12656 FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference
A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The...