Lucene search

330 matches found

RedhatCVE
added 2025/09/18 2:24 p.m. | 8 views

CVE-2025-8276

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows...

9.8 CVSS | 5.4 AI score | 0.00314 EPSS
Exploits: 0 | References: 1

CVE
added 2025/09/16 2:0 p.m. | 22 views

CVE-2025-8276

CVE-2025-8276 affects Patika Global Technologies’ HumanSuite (prior to 53.21.0). The issue stems from improper encoding/escaping of output and insufficient neutralization of input in web page generation, enabling Cross-Site Scripting (XSS) and injection-style risks (including potential code/data ...

9.8 CVSS | 5.4 AI score | 0.00314 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/09/16 2:0 p.m. | 14 views

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows...

4.3 CVSS | 0.00314 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/16 2:0 p.m. | 5 views

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows...

4.3 CVSS | 5.4 AI score | 0.00314 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/05/30 12:0 a.m. | 4 views

GetSimple CMS Command Injection Vulnerability

GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS versions 3.3.16 through 3.3.21, which originates from a specially crafted query string that can be injected into arbitrary PHP code and executed by an authenticated user,...

8.8 CVSS | 7.8 AI score | 0.00764 EPSS
Exploits: 1 | References: 2

OSV
added 2025/05/29 9:16 a.m. | 7 views

CVE-2025-48388 FreeScout Has Insufficient Protection Against CRLF-injection

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols \r, \n,...

7 CVSS | 6.8 AI score | 0.00336 EPSS
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 10:41 a.m. | 4 views

CVE-2024-9129

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

9.3 CVSS | 7.3 AI score | 0.00408 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:21 a.m. | 14 views

CVE-2019-14410

Maketext in cPanel before 78.0.2 allows format-string injection in the Email storefilter UAPI SEC-472...

3.3 CVSS | 7.2 AI score | 0.00408 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:5 a.m. | 6 views

CVE-2016-10773

cPanel before 60.0.25 allows format-string injection in exception-message handling SEC-171...

8.8 CVSS | 7.3 AI score | 0.01054 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:43 a.m. | 8 views

CVE-2016-11064

An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection...

9.8 CVSS | 7.2 AI score | 0.01285 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:32 a.m. | 17 views

CVE-2019-14412

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV checkdomainsviadns UAPI SEC-474...

3.3 CVSS | 7.2 AI score | 0.00408 EPSS
Exploits: 0 | References: 1

OSV
added 2025/05/07 7:13 p.m. | 6 views

RLSA-2024:6197 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...

6.8 CVSS | 7.2 AI score | 0.27992 EPSS
Exploits: 6 | References: 4

Tenable Nessus
added 2025/05/07 12:0 a.m. | 13 views

RockyLinux 9 : ghostscript (RLSA-2024:6197)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due t...

6.3 CVSS | 7.3 AI score | 0.27992 EPSS
Exploits: 6 | References: 7

RedhatCVE
added 2025/02/05 10:10 p.m. | 10 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

9.8 CVSS | 6.8 AI score | 0.00898 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 6:50 p.m. | 11 views

CVE-2022-35877

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8 CVSS | 7.2 AI score | 0.00869 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 6:50 p.m. | 12 views

CVE-2022-35886

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.8 CVSS | 7 AI score | 0.01241 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 6:50 p.m. | 20 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8 CVSS | 6.8 AI score | 0.01261 EPSS
Exploits: 1 | References: 1

NVD
added 2024/10/22 5:15 p.m. | 24 views

CVE-2024-9129

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

9.3 CVSS | 0.00408 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/10/22 5:9 p.m. | 30 views

CVE-2024-9129 Format String Injection in Zend Server

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

9.3 CVSS | 0.00408 EPSS
Exploits: 0 | References: 1

CVE
added 2024/10/22 5:9 p.m. | 43 views

CVE-2024-9129

CVE-2024-9129 affects Zend Server versions 8.5 and earlier than 9.2. The vulnerability is a format string injection in Zend Server. According to the provided metrics, the CVSS 4.0 base score is 9.3 (CRITICAL) with NETWORK attack vector, no privileges required, no user interaction, and impacts to ...

9.3 CVSS | 7.2 AI score | 0.00408 EPSS
Exploits: 0 | References: 1