Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/05/12 4:52 p.m.33 views

CVE-2026-41895 changedetection.io: XXE vulnerability in the changedetection.io project

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter switches to XML mode for XML/RSS content and creates etree.XMLParserstripcdata=False without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...

8.2CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/23 9:5 p.m.25 views

CVE-2025-14922 Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 8:38 a.m.3 views

CVE-2025-66564

A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header...

7.5CVSS6AI score0.00411EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/12/04 10:37 p.m.3 views

CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.3AI score0.00411EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.30 views

EUVD-2022-4144

Malicious code in bioql PyPI...

8.1CVSS8AI score0.06179EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.9 views

CVE-2019-17076

An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service DoS, remote code execution RCE, and/or deletion of files on the Jamf Pro server...

9.8CVSS7.9AI score0.02505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:42 p.m.7 views

CVE-2022-36078

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

8.8CVSS6.8AI score0.00941EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/10/10 1:43 p.m.11 views

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

8.7CVSS7.1AI score0.02772EPSS
Exploits1References5
Veracode
Veracode
added 2024/09/24 6:52 a.m.16 views

Stack Overflow

Google Protobuf is vulnerable to a StackOverflow. The vulnerability is due to insufficient validation and control over the parsing of nested groups and SGROUP tags in untrusted Protocol Buffers data, allowing an attacker to crash the application or make it unresponsive...

8.7CVSS7AI score0.02772EPSS
Exploits1References10Affected Software5
Zero Day Initiative
Zero Day Initiative
added 2024/05/15 12:0 a.m.21 views

NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLXPR...

7.8CVSS7AI score0.14692EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.3 views

PT-2023-5561

Name of the Vulnerable Software and Affected Versions NVIDIA GPU Display Driver for Windows and Linux affected versions not specified NVIDIA Jetson affected versions not specified Description The issue is related to the parsing of unexpected untrusted data, which may lead to code execution, denia...

7.8CVSS7.9AI score0.00224EPSS
Exploits0References19
PyPA
PyPA
added 2021/07/29 6:15 p.m.6 views

PYSEC-2021-115

The package glances before 3.2.1 are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

9.8CVSS7.3AI score0.01639EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/07/29 6:15 p.m.3 views

UBUNTU-CVE-2021-23418

The package glances before 3.2.1 are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

9.8CVSS7.3AI score0.01639EPSS
Exploits1References8
Rows per page
Query Builder