Lucene search
K

402 matches found

OSV
OSV
added 2025/09/16 6:31 p.m.5 views

GHSA-95H4-8MQC-4MPF Liferay Portal has unchecked input for loop condition vulnerability in XML-RPC

Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers...

6.9CVSS7AI score0.00372EPSS
Exploits0References2
CVE
CVE
added 2025/09/16 4:9 p.m.13 views

CVE-2025-43801

An XML-RPC input validation issue in Liferay Portal/dxP: Unchecked input for loop condition affects com.liferay.portal.impl in Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, 7.4 GA–update 92, 7.3 GA–update 35, enabling DoS via crafted XML-RPC requests. Affected pac...

7.5CVSS6.5AI score0.00372EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/09/09 12:0 a.m.3 views

Wago CODESYS V2 Web-Server Classic Buffer Overflow (CVE-2021-30191)

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

7.5CVSS7.3AI score0.01017EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/02 12:0 a.m.4 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the exsltDynMapFunction function in libexslt/dynamic.c when handling specially crafted XSLT documents that trigger uncontrolled recursion. An attacker can cause stack exhaustion and disrupt service...

8.7CVSS7AI score0.00144EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/02 12:0 a.m.4 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the exsltDynMapFunction function in libexslt/dynamic.c when handling specially crafted XSLT documents that trigger uncontrolled recursion. An attacker can cause stack exhaustion and disrupt service...

8.7CVSS7AI score0.00144EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.2 views

Svelte 安全漏洞

Svelte is a new way to build web applications open-sourced by Svelte. A security vulnerability exists in versions of Svelte prior to 5.3.2 that stems from not properly checking input object properties, which could lead to prototype contamination...

7.9CVSS6.3AI score0.00345EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/21 8:9 p.m.4 views

CVE-2010-20119 CommuniCrypt Mail <= 1.16 ANSMTP/AOSMTP ActiveX Control Buffer Overflow

CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments method. This method fails to properly validate the length of input strings, allowing data to exceed th...

8.6CVSS6.9AI score0.01055EPSS
Exploits0References6
NVD
NVD
added 2025/08/11 7:15 p.m.4 views

CVE-2025-51823

libcsp 2.0 is vulnerable to Buffer Overflow in the cspethinit function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member ctx-name without validating the input length...

6.5CVSS0.00247EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/08/04 12:0 a.m.7 views

The vulnerability of the /goform/formdumpeasysetup file in D-Link DIR-619L router microprogramming software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the /goform/formSetDomainFilter function in the microprogramming software for D-Link DIR-619L routers stems from the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity,...

9CVSS7.6AI score0.0082EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/30 12:0 a.m.7 views

The vulnerability of the COMEDI_INSNLIST() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the COMEDIINSNLIST function in the Linux operating system’s kernel is related to the copying of buffers without checking the size of the input data when processing the parameter ninsns. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References11Affected Software4
OSV
OSV
added 2025/07/28 12:15 p.m.3 views

DEBIAN-CVE-2025-38483

In the Linux kernel, the following vulnerability has been resolved: comedi: das16m1: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: / only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid / if 1 options1 & 0xdcfc However, it-optionsi is an...

7.1CVSS5.6AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.4 views

IrfanView CADImage Plugin 缓冲区错误漏洞

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

7.8CVSS7.6AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.12 views

PT-2025-31078

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s comedi subsystem, specifically within the das6402 driver. An unchecked integer value, it-options1, received from userspace, can lead to a bit shift...

7.1CVSS6.7AI score0.00159EPSS
Exploits0
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.3 views

Mbed TLS 缓冲区错误漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A buffer error vulnerability exists in Mbed TLS versions prior to 3.6.4, which stems from a failure to check the input buffer size and can lead to out-of-bounds reads...

6.5CVSS6.6AI score0.00259EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/06/25 12:0 a.m.6 views

The vulnerability of the __get_cur_name_and_parent() function in the fs/btrfs/send.c module of the file system support module for Linux’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the getcurnameandparent function in the fs/btrfs/send.c module of the Linux file system support module is related to copying buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability could allow an attacker to compromi...

7.8CVSS7.4AI score0.00245EPSS
Exploits0References9Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/25 12:0 a.m.4 views

The vulnerability of the cfg80211gen_new_ie() function in the net/wireless/scan.c module, which supports wireless communication in Linux kernels, allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the cfg80211gennewie function in the net/wireless/scan.c module, which supports wireless communication in Linux kernels, stems from the copying of buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability could allow a...

7.8CVSS6.8AI score0.00264EPSS
Exploits0References15Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.7 views

Vulnerability of the ad7124_of_parse_channel_config() function in the drivers/iio/adc/ad7124.c module – A driver that supports various types of built-in sensors in the Linux operating system, which allows a hacker to cause service failures.

Vulnerability of the ad7124ofparsechannelconfig function in the drivers/iio/adc/ad7124.c module – The driver for supporting various types of built-in sensors in the Linux operating system involves copying buffers without checking the size of the input data a classic buffer overflow attack...

5.5CVSS6.7AI score0.00225EPSS
Exploits0References12Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.7 views

The vulnerability of the fwAcosCgiInbound function in NETGEAR EX6120 router microprogramming software allows a hacker to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the fwAcosCgiInbound function in NETGEAR EX6120 router microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and accessibility of...

9CVSS7.6AI score0.00939EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/19 12:0 a.m.7 views

The vulnerability of the bearer_name_validate() function in the net/tipc/bearer.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the bearernamevalidate function in the net/tipc/bearer.c module of the Linux kernel lies in the copying of buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability could allow an attacker to compromise the...

7.8CVSS7.5AI score
Exploits0References26Affected Software4
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.1 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked input size that could lead to out-of-bounds writes...

7.8CVSS7.3AI score0.00153EPSS
Exploits0References4
Rows per page
Query Builder