22173 matches found

NVD
added 2026/02/03 10:16 p.m. | 5 views

CVE-2020-37075

LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when...

CVSS: 9.8 | EPSS: 0.00453
Exploits: 0 | References: 3

Snyk
added 2026/02/03 10:4 p.m. | 4 views

Cross-site Request Forgery (CSRF)

Overview: @builder.io/qwik-city is the meta-framework for Qwik. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via inconsistent interpretation of HTTP request headers in the server-side request handler. An attacker can bypass protections by submitting special...

CVSS: 6 | AI score: 5.6 | EPSS: 0.00159
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/03 10:1 p.m. | 3 views

CVE-2020-37075 LanSend 3.2 - Buffer Overflow (SEH)

LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00453
Exploits: 0 | References: 3

CVE
added 2026/02/03 10:1 p.m. | 13 views

CVE-2020-37075

Affected software: LanSend 3.2. Vulnerability: Buffer overflow in the Add Computers Wizard file import functionality. This allows overwriting Structured Exception Handler (SEH) and executing shellcode when importing a crafted payload file. Impact: Remote code execution with high impact to confide...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00453
Exploits: 0 | References: 3

Cvelist
added 2026/02/03 10:1 p.m. | 27 views

CVE-2020-37075 LanSend 3.2 - Buffer Overflow (SEH)

LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when...

CVSS: 9.8 | EPSS: 0.00453
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/03 10:1 p.m. | 4 views

CVE-2020-37075

LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00453
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/02/03 10:1 p.m. | 5 views

CVE-2020-37074

Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00337
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/03 10:1 p.m. | 30 views

CVE-2020-37074 Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH)

Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when...

CVSS: 9.8 | EPSS: 0.00337
Exploits: 0 | References: 3

CVE
added 2026/02/03 10:1 p.m. | 14 views

CVE-2020-37074

CVE-2020-37074 affects Remote Desktop Audit 2.3.0.157. The vulnerability is a buffer overflow in the Add Computers Wizard file import process that can be triggered by a crafted payload, bypasses SEH, and allows arbitrary code execution (shellcode) on import of computer lists. Documented impact in...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00337
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/03 9:32 p.m. | 3 views

CVE-2026-1811

A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File can lead to path traversal. The attack may ...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00463
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/02/03 9:12 p.m. | 11 views

CVE-2026-25151

CVE-2026-25151 affects Qwik City (server-side) prior to version 1.19.0, where the server-side request handler inconsistently interprets HTTP headers, enabling a CSRF protection bypass via specially crafted or multi-valued Content-Type headers. The vulnerability can let remote attackers bypass ori...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00159
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/03 9:12 p.m. | 4 views

CVE-2026-25151

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00159
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/03 9:11 p.m. | 1 views

CVE-2026-25149 Qwik City Open Redirect via fixTrailingSlash

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convinci...

CVSS: 6.9 | AI score: 5.6 | EPSS: 0.00237
Exploits: 0 | References: 2

EUVD
added 2026/02/03 9:11 p.m. | 4 views

EUVD-2026-5169

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convinci...

CVSS: 6.9 | AI score: 5.6 | EPSS: 0.00237
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/02/03 8:58 p.m. | 7 views

Qwik City Open Redirect via fixTrailingSlash

Summary / Description: An Open Redirect (CWE-601) vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convincing phishing links that appear to originate from t...

CVSS: 6.9 | AI score: 5.7 | EPSS: 0.00237
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/03 8:32 p.m. | 5 views

CVE-2026-1810 bolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversal

A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal...

CVSS: 6.5 | AI score: 5.1 | EPSS: 0.00393
Exploits: 1 | References: 5

EUVD
added 2026/02/03 8:32 p.m. | 4 views

EUVD-2026-5175

A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal...

CVSS: 6.5 | AI score: 5.1 | EPSS: 0.00393
Exploits: 1 | References: 5

ATTACKERKB
added 2026/02/03 8:32 p.m. | 3 views

CVE-2026-1810

A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal...

CVSS: 6.5 | AI score: 5.1 | EPSS: 0.00393
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/02/03 2:32 p.m. | 32 views

CVE-2025-13473

CVE-2025-13473 affects Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The vulnerability lies in django.contrib.auth.handlers.modwsgi.check_password(), where authentication via mod_wsgi can allow remote attackers to enumerate users via a timing attack. Earlier/unsupported serie...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00713
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2026/02/03 2:32 p.m. | 4 views

CVE-2025-13473

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00713
Exploits: 0