88 matches found

RedhatCVE
added 2026/01/09 9:59 a.m., 4 views

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after the # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render...

CVSS 6.1, AI score 6.5, EPSS 0.03162
Exploits: 5, References: 1
CVE
added 2025/11/13 5:32 p.m., 8 views

CVE-2025-59480

Mattermost Mobile Apps (Android/iOS) versions up to and including 2.32.0 are affected by an insufficient verification of SSO redirect tokens. The root cause is failure to verify that SSO tokens originate from a trusted server, enabling a malicious Mattermost instance or an on-path attacker to obt...

CVSS 6.5, AI score 6.4, EPSS 0.00017
Exploits: 0, References: 1, Affected software: 1
Positive Technologies
added 2025/11/03 12:00 a.m., 1 view

PT-2025-50985

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 26.1. Description: An injection issue existed due to inadequate validation, potentially allowing an application to access sensitive user data. Recommendations: Update to macOS version 26.1...

AI score 6.9, EPSS 0.0002
Exploits: 0, References: 4
Positive Technologies
added 2025/11/03 12:00 a.m., 2 views

PT-2025-50996

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 26.1. Description: An injection issue existed due to inadequate validation, potentially allowing an application to access sensitive user data. Recommendations: Update to macOS version 26.1...

AI score 6.9, EPSS 0.00021
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-9576

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00739
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-51835

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.6, EPSS 0.00198
Exploits: 2, References: 1
CNNVD
added 2025/09/09 12:00 a.m., 7 views

WordPress plugin Compress & Upload Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 3.8, AI score 6.7, EPSS 0.00075
Exploits: 2, References: 1
CNVD
added 2025/07/25 12:00 a.m., 2 views

Complaint Management System Cross-Site Request Forgery Vulnerability

Complaint Management System is a complaint management system. The Complaint Management System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could use this...

CVSS 5.3, AI score 6.8, EPSS 0.00212
Exploits: 1, References: 1
Veracode
added 2025/05/27 7:13 a.m., 5 views

Out-of-Bounds-Read

libassimp.so is vulnerable to an out-of-bounds read. The vulnerability is due to improper bounds checking due to inadequate validation in the MDLImporter::InternReadFile3DGSMDL345 function of MDLLoader.cpp, which allows a local attacker to read data outside the intended memory bounds...

CVSS 5.5, AI score 6.7, EPSS 0.00112
Exploits: 1, References: 7, Affected software: 1
RedhatCVE
added 2025/05/23 6:42 a.m., 4 views

CVE-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS), as an authenticated user might not be able to use the intended model, since it will open a different model each time...

CVSS 5.4, AI score 5.2, EPSS 0.00063
Exploits: 1, References: 1
NVD
added 2025/05/15 12:15 p.m., 13 views

CVE-2025-4564

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVSS 9.8, EPSS 0.03694
Exploits: 0, References: 3
RedhatCVE
added 2025/02/14 5:20 a.m., 2 views

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries...

CVSS 9.8, AI score 8.2, EPSS 0.00104
Exploits: 1, References: 1
Zero Day Initiative
added 2024/11/21 12:00 a.m., 4 views

IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files...

CVSS 7.8, AI score 6.9, EPSS 0.00596
Exploits: 0
Veracode
added 2024/11/19 7:30 a.m., 7 views

Race Condition

OpenStack is vulnerable to Race Condition. The vulnerability is due to inadequate validation when deleting non-existent access rules, leading to the removal of unrelated existing access rules that lack application credential associations...

CVSS 5.5, AI score 7, EPSS 0.00248
Exploits: 0, References: 8, Affected software: 1
OSV
added 2024/10/13 7:12 p.m., 7 views

BIT-MLFLOW-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS), as an authenticated user might not be able to use the intended model, since it will open a different model each time...

CVSS 5.4, AI score 5.1, EPSS 0.00063
Exploits: 1, References: 1
Veracode
added 2024/09/25 6:47 a.m., 5 views

HTTP Header Injection

puma is vulnerable to HTTP Header Injection. The vulnerability is due to inadequate validation and prioritization of HTTP headers, where Puma does not properly distinguish between standard headers and those with underscores, allowing conflicting headers to coexist without proper handling...

CVSS 5.4, AI score 5.3, EPSS 0.00803
Exploits: 0, References: 6, Affected software: 1
Veracode
added 2024/09/16 10:21 a.m., 5 views

Path Traversal

org.springframework:spring-webmvc and org.springframework:spring-webflux are vulnerable to Path Traversal. The vulnerability is due to inadequate validation of file paths in HTTP requests, allowing access to files on the file system when using RouterFunctions with a FileSystemResource location...

CVSS 7.5, AI score 7.4, EPSS 0.9389
Exploits: 1, References: 4, Affected software: 2
NVD
added 2024/09/02 12:15 p.m., 14 views

CVE-2024-5148

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...

CVSS 7.5, EPSS 0.00355
Exploits: 0, References: 3
Vulnrichment
added 2024/09/02 11:03 a.m., 9 views

CVE-2024-5148 gnome-remote-desktop: inadequate validation of session agents using D-Bus methods may expose RDP TLS certificate

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...

CVSS 7.5, AI score 6.7, EPSS 0.00355
Exploits: 0, References: 3
OpenVAS
added 2024/08/21 12:00 a.m., 10 views

Joomla! URL Validation Vulnerability (20240801)

Joomla! is prone to an inadequate validation of internal URLs vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 6.1, AI score 5.1, EPSS 0.00021
Exploits: 0, References: 1