20 matches found
Improper Encoding or Escaping of Output
Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the encode function in AxiosURLSearchParams. An attacker can smuggle a NUL byte into serialized query strings by supplying...
CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly...
Linux Distros Unpatched Vulnerability : CVE-2026-31934
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime...
CVE-2026-31934
A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. A remote attacker could exploit a quadratic complexity issue when searching for URLs in MIME-encoded messages over SMTP. This could lead to a...
DEBIAN-CVE-2026-31934
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...
CVE-2026-31934
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...
CVE-2026-31934
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...
CVE-2026-31934
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...
VulnCheck KEV: CVE-2024-2194
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2022-2510
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL...
Security update for nextcloud (important)
openSUSE Security Update: Security update for nextcloud. Announcement ID: openSUSE-SU-2021:1253-1; Rating: important; References: 1190291; Cross-References: CVE-2021-32766, CVE-2021-32800, CVE-2021-32801, CVE-2021-32802; CVSS scores: CVE-2021-32800 (NVD): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...
Dorkify - Perform Google Dork Search
Perform Google Dork search with Dorkify. Google Dorking: Google dorking is a hacker technique that uses Google Search to find security holes in the configuration and computer code that websites use. Google Dorking involves using advanced operators in the Google search engine to locate specific...
pykto
This plugin is a nikto port to Python. It uses the scandatabase file from nikto to search for new and vulnerable URLs. The following configurable parameters exist: cgidirs, admindirs, nukedirs, extradbfile, mutatetests. This plugin reads every line in the scandatabase and extradbfile and based on the...
Stack overflow
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder...
CVE-2009-1915
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder...
CVE-2009-1915
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder...
ICQ 6.5 URL Search Hook (Windows Explorer) Remote BOF PoC
No description provided by source. ?php / ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow poc by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ If the resulting file is placed on the desktop, against ex. xp sp3 process...
ICQ 6.5 - URL Search Hook (Windows Explorer) Remote Buffer Overflow (PoC)
g f44.104: Access violation - code c0000005 !!! second chance !!! eax=02100068 ebx=772a23c1 ecx=0210cefa edx=00000823 esi=00610061 edi=00000000 eip=772a533f esp=0210cec0 ebp=0210cec4 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000...
ICQ 6.5 URL Search Hook (Windows Explorer) Remote BOF PoC
Exploit for unknown platform in category dos / poc ========================================================= ICQ 6.5 URL Search Hook Windows Explorer Remote BOF PoC ========================================================= g f44.104: Access violation - code c0000005 !!! second chance !!!...
Unfixed XSS vulnerability at de.oleo.tv
Security researcher kInGoFcHaOs submitted on 22/05/2008 a cross-site scripting (XSS) vulnerability affecting de.oleo.tv, which at the time of submission ranked 130299 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/11/2008. It is currentl...