1083 matches found
Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
...
CVE-2025-58098
CVE-2025-58098 affects Apache HTTP Server 2.4.65 and earlier when Server Side Includes (SSI) is enabled and mod_cgid (not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives, enabling potential command injection. The issue impacts Apache HTTP Server before 2.4.66; remedia...
CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...
OpenSearch is vulnerable to DoS via complex query_string inputs
A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions below 2.19.4 and versions 3.0.0 through 3.2.0...
EUVD-2025-199644
A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions below 3.2.0...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the querystring processing. An attacker can exhaust system resources and disrupt service availability by submitting excessively long Boolean or disjunction queries. PoC GET search "query": "querystring":...
CVE-2025-9624
A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
CVE-2025-9624
A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
UBUNTU-CVE-2025-9624
A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
CVE-2025-9624 OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS
A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
CVE-2025-9624 OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS
A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
CVE-2025-9624
OpenSearch CVE-2025-9624: A DoS vulnerability via complex query_string inputs affects OpenSearch 3.0.0–3.2.x and OpenSearch
OpenSearch 安全漏洞
OpenSearch is a distributed search and analysis software from OpenSearch open source. A security vulnerability exists in OpenSearch versions prior to 3.2.0 that stems from improper handling of complex querystring inputs, which could lead to a denial of service attack...
rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...
rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...
Netcad Netigma 跨站脚本漏洞
Netcad Netigma is an enterprise-level GIS and business application development platform from Netcad Turkey. A cross-site scripting vulnerability exists in Netcad Netigma 28102025 and prior versions, which stems from improperly neutralized HTTP query string inputs and could lead to cross-site...
rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...
CVE-2025-31954
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...
EUVD-2025-37917
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...
CVE-2025-31954
CVE-2025-31954 affects HCL iAutomate in versions 6.5.1 and 6.5.2. The root cause is using HTTP GET to process requests with sensitive information in the query string, enabling potential disclosure of limited information to an unintended party. Impact is information disclosure; no exploitation det...