62 matches found

Positive Technologies (added 2025/12/10 12:00 a.m., 5 views)

PT-2025-50888

Name of the Vulnerable Software and Affected Versions: Tornado versions 6.5.2 and below. Description: Tornado, a Python web framework and asynchronous networking library, is susceptible to a denial-of-service (DoS) condition. The parseparam function within the httputil.py file utilizes an inefficient...

CVSS 9.8 | AI score 6.4 | EPSS 0.01525 | Exploits: 2 | References: 146
Cvelist (added 2025/11/30 5:02 p.m., 12 views)

CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...

CVSS 5.3 | EPSS 0.0027 | Exploits: 0 | References: 4
Positive Technologies (added 2025/11/30 12:00 a.m., 11 views)

PT-2025-48396

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can le...

CVSS 5.3 | AI score 5.2 | EPSS 0.0027 | Exploits: 0 | References: 5
Vulnrichment (added 2025/10/31 12:00 a.m., 4 views)

CVE-2025-63468

Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

AI score 7 | EPSS 0.00376 | Exploits: 1 | References: 1
EUVD (added 2025/10/07 12:30 a.m., 7 views)

EUVD-2007-2627

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.02004 | Exploits: 1 | References: 4
EUVD (added 2025/10/07 12:30 a.m., 5 views)

EUVD-2009-0280

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.04652 | Exploits: 1 | References: 3
EUVD (added 2025/10/03 8:07 p.m., 6 views)

EUVD-2023-3143

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.8 | EPSS 0.00723 | Exploits: 1 | References: 4
Cvelist (added 2025/09/15 4:56 p.m., 10 views)

CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode

hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...

CVSS 6.9 | EPSS 0.00332 | Exploits: 0 | References: 2
OSV (added 2025/07/09 11:15 p.m., 4 views)

CVE-2025-6975

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendarheader’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | AI score 6 | Exploits: 0 | References: 3
RedHat Linux (added 2025/02/06 4:42 p.m., 5 views)

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict

A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soup_header_parse_param_list_strict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...

CVSS 8.4 | AI score 6.2 | EPSS 0.00679 | Exploits: 1 | References: 6
RedHat Linux (added 2025/02/03 1:05 a.m., 8 views)

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict

A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soup_header_parse_param_list_strict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...

CVSS 8.4 | AI score 6.2 | EPSS 0.00679 | Exploits: 1 | References: 6
RedHat Linux (added 2025/01/30 1:30 p.m., 8 views)

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict

A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soup_header_parse_param_list_strict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...

CVSS 8.4 | AI score 6.2 | EPSS 0.00679 | Exploits: 1 | References: 6
OSV (added 2024/12/27 12:34 p.m., 3 views)

OESA-2024-2601 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: GNOME libsoup before 3.6.1 allows a buffer overflow in application...

CVSS 8.4 | AI score 7.3 | EPSS 0.00679 | Exploits: 1 | References: 2
NVD (added 2024/07/10 12:15 p.m., 56 views)

CVE-2024-3798

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...

CVSS 8.7 | EPSS 0.00477 | Exploits: 0 | References: 3
Vulnrichment (added 2024/07/10 11:59 a.m., 20 views)

CVE-2024-3799 Shell command injection in Phoniebox

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

CVSS 8.7 | AI score 6.8 | EPSS 0.14573 | Exploits: 0 | References: 3
CVE (added 2024/07/10 11:59 a.m., 58 views)

CVE-2024-3799

CVE-2024-3799 describes an insecure handling of POST header body in Phoniebox that allows an attacker to craft a webpage which, when visited by a user, causes the user’s browser to send malicious requests to hosts on the local network, potentially triggering shell command execution on the vulnera...

CVSS 8.7 | AI score 6.5 | EPSS 0.14573 | Exploits: 0 | References: 3
Cvelist (added 2024/07/10 11:59 a.m., 31 views)

CVE-2024-3799 Shell command injection in Phoniebox

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

CVSS 8.7 | EPSS 0.14573 | Exploits: 0 | References: 3
OSV (added 2024/06/28 1:15 p.m., 4 views)

CVE-2024-3801

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of the GET header parameters. Only a part of the observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears...

CVSS 6.1 | AI score 5.8 | EPSS 0.00294 | Exploits: 0 | References: 2
OSV (added 2023/12/11 3:08 p.m., 19 views)

GO-2023-2379 Denial of service due to malicious parameters in github.com/lestrrat-go/jwx

The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its purpose is to intentionally slow down the key derivation function, making password brute-force...

CVSS 5.3 | AI score 5.4 | EPSS 0.00723 | Exploits: 1 | References: 2
OSV (added 2023/12/05 11:29 p.m., 13 views)

GHSA-7F9X-GW85-8GRF lestrrat-go/jwx's malicious parameters in JWE can cause a DOS

Summary: too high p2c parameter in JWE's alg PBES2- could lead to a DOS attack. Details: The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary...

CVSS 5.3 | AI score 5.4 | EPSS 0.00723 | Exploits: 1 | References: 4