62 matches found
PT-2025-50888
Name of the Vulnerable Software and Affected Versions Tornado versions 6.5.2 and below Description Tornado, a Python web framework and asynchronous networking library, is susceptible to a denial-of-service DoS condition. The parseparam function within the httputil.py file utilizes an inefficient...
CVE-2025-13793 winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
PT-2025-48396
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can le...
CVE-2025-63468
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2007-2627
Malware in sbrugna...
EUVD-2009-0280
Malware in sbrugna...
EUVD-2023-3143
Malicious code in bioql PyPI...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-6975
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendarheader’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for...
libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soupheaderparseparamliststrict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...
libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soupheaderparseparamliststrict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...
libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soupheaderparseparamliststrict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...
OESA-2024-2601 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: GNOME libsoup before 3.6.1 allows a buffer overflow in application...
CVE-2024-3798
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...
CVE-2024-3799 Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CVE-2024-3799
CVE-2024-3799 describes an insecure handling of POST header body in Phoniebox that allows an attacker to craft a webpage which, when visited by a user, causes the user’s browser to send malicious requests to hosts on the local network, potentially triggering shell command execution on the vulnera...
CVE-2024-3799 Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CVE-2024-3801
Sites managed in S@M CMS Concept Intermedia might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...
GO-2023-2379 Denial of service due to malicious parameters in github.com/lestrrat-go/jwx
The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its purpose is to intentionally slow down the key derivation function, making password brute-force...
GHSA-7F9X-GW85-8GRF lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Summary too high p2c parameter in JWE's alg PBES2- could lead to a DOS attack Details The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary...