Lucene search
+L

17 matches found

Github Security Blog
Github Security Blog
added 2026/05/26 11:41 p.m.35 views

FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue

Summary An authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist. Details The issue is caused by the combination of these code paths: - server/api/apikeys/verify-api-or-token.js:45 sends requests without x-api-k...

6AI score0.00143EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43446

Summary An authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist. Details The issue is caused by the combination of these code paths: - server/api/apikeys/verify-api-or-token.js:45 sends requests without x-api-k...

8.7CVSS6AI score0.00143EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/31 11:29 p.m.5 views

SUSE CVE-2025-66038

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...

3.9CVSS5.9AI score0.00282EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/03/30 8:48 p.m.4 views

CVE-2025-66038

A flaw was found in OpenSC, an open-source smart card tools and middleware. The sccompacttlvfindtag function, which searches compact-TLV Tag-Length-Value buffers, does not adequately verify the claimed value length against the remaining buffer size. This vulnerability allows attackers to provide...

6.8CVSS5.9AI score0.00282EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-3028

Malicious code in bioql PyPI...

6.1CVSS6.9AI score0.0182EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31590

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00458EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/29 11:32 p.m.2 views

CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

8.7CVSS6.3AI score0.00458EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.5 views

SUSE CVE-2016-10199

The qtdemuxtagaddstrfull function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted tag value...

7.5CVSS6.7AI score0.04233EPSS
Exploits0References6
OSV
OSV
added 2020/04/27 1:15 p.m.8 views

CVE-2019-18223

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

5.4CVSS6.1AI score0.00563EPSS
Exploits1References1
OSV
OSV
added 2017/02/09 3:59 p.m.28 views

CVE-2016-10199

The qtdemuxtagaddstrfull function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted tag value...

7.5CVSS6.5AI score
Exploits0References8
OSV
OSV
added 2017/02/09 3:59 p.m.3 views

ALPINE-CVE-2016-10199

The qtdemuxtagaddstrfull function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted tag value...

7.5CVSS6.7AI score0.04233EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/02/09 3:0 p.m.25 views

CVE-2016-10199

The qtdemuxtagaddstrfull function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted tag value...

7AI score0.04233EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2017/02/09 3:0 p.m.29 views

CVE-2016-10199

The qtdemuxtagaddstrfull function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted tag value...

7.5CVSS7.3AI score0.04233EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/02/09 3:0 p.m.56 views

CVE-2016-10199

The qtdemuxtagaddstrfull function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted tag value...

7.5CVSS7.2AI score0.04233EPSS
Exploits0
Prion
Prion
added 2016/05/01 1:59 a.m.19 views

Design/Logic Flaw

Off-by-one error in epan/dissectors/packet-gsmabisoml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet that triggers a 0xff tag value...

4.3CVSS6.9AI score0.0137EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2016/02/28 2:0 a.m.47 views

CVE-2016-2531

Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that triggers a 0xff tag value, a different...

5.9CVSS5.1AI score0.02474EPSS
Exploits0
NVD
NVD
added 2006/07/06 8:5 p.m.18 views

CVE-2006-3356

The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service application crash via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469...

2.6CVSS6.3AI score0.01311EPSS
Exploits0References3
Rows per page
Query Builder