5 matches found
Improper Validation of Specified Index, Position, or Offset in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input via the legacy GridFS file reader API. An attacker can cause a crash or leak process memory contents by supplying crafted documents with malformed file metadata to the...
CVE-2020-36883 SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to...
CVE-2025-61456
A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...
EUVD-2024-36201
Malicious code in bioql PyPI...
PT-2024-27147 · Oneflow · Oneflow
Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: The issue allows attackers to cause a Denial of Service DoS when an index as a negative number exceeds the range of size. Recommendations: For version 0.9.1, consider restricting the input of negative index...