Lucene search
K

104 matches found

CNNVD
CNNVD
added 2026/01/26 12:0 a.m.7 views

Hiawatha security vulnerabilities

Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by improper header parsing. Thi...

5.3CVSS6AI score0.00449EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/13 3:59 a.m.3 views

CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

4.3CVSS5.7AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2025/10/08 5:41 p.m.3 views

JLSEC-2025-1 CR/LF injection in URIs.jl (also affects HTTP.jl)

Description The URIs.jl and HTTP.jl packages allowed the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. With this simple Julia code, you can inject a custom header named Foo with the value bar: juli...

8.7CVSS7.1AI score0.00366EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0639

Malware in sbrugna...

6.5CVSS6.1AI score0.02712EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-1317

Malware in sbrugna...

10CVSS9.5AI score0.03989EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-32977

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.0125EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-45978

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-45977

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.01076EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1446

Malicious code in bioql PyPI...

7.1CVSS6.2AI score0.0099EPSS
Exploits1References4
OSV
OSV
added 2025/08/11 1:51 p.m.3 views

BIT-LIBPYTHON-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

7.2CVSS7.4AI score0.0642EPSS
Exploits1References15
CNNVD
CNNVD
added 2025/06/21 12:0 a.m.5 views

Dnn.Platform 跨站脚本漏洞

Dnn.Platform is an open source web content management platform CMS open sourced by Dnn Software. A cross-site scripting vulnerability exists in Dnn.Platform versions prior to 10.0.1, which stems from a specially crafted request injection script that could lead to a cross-site scripting attack...

5.4CVSS6.1AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.14 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

5.4CVSS6.2AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.7 views

CVE-2024-29155

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked...

4.3CVSS6.9AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.11 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...

5.4CVSS5.8AI score0.01076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.13 views

CVE-2023-24497

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

4.7CVSS6.4AI score0.00652EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:15 p.m.8 views

CVE-2024-39785

Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...

9.1CVSS7.6AI score0.06193EPSS
Exploits1References1
NVD
NVD
added 2025/01/14 3:15 p.m.15 views

CVE-2024-39788

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

9.1CVSS0.01457EPSS
Exploits1References2
OSV
OSV
added 2024/11/18 6:15 a.m.4 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

5.4CVSS5.8AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/18 12:0 a.m.10 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

5.4CVSS6.2AI score0.00343EPSS
Exploits0References1
CVE
CVE
added 2024/11/18 12:0 a.m.69 views

CVE-2024-52943

The connected sources provide concrete details for CVE-2024-52943: Veritas Enterprise Vault (pre-15.1 UPD882911) has an issue in the HTMLView endpoint where an authenticated remote attacker can inject a parameter into an HTTP request, causing Cross-Site Scripting (XSS) when viewing archived conte...

5.4CVSS5.9AI score0.01076EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder