
55 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-28464

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.01205
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-12707

Malicious code in bioql PyPI...

CVSS 5 · AI score 6.6 · EPSS 0.00285
Exploits 0 · References 2
GithubExploit
added 2025/07/24 1:14 a.m. · 246 views

Exploit for Deserialization of Untrusted Data in Microsoft

suricata-rule-CVE-2025-53770 Detection rules for CVE-2025-5377...

CVSS 9.8 · AI score 9 · EPSS 0.88182
Exploits 41
Cvelist
added 2025/06/12 2:12 p.m. · 11 views

CVE-2025-49192 Clickjacking

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of...

CVSS 4.3 · EPSS 0.00232
Exploits 0 · References 6
RedhatCVE
added 2025/05/22 4:26 p.m. · 6 views

CVE-2020-35396

EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting XSS via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website...

CVSS 6.1 · AI score 5.4 · EPSS 0.00509
Exploits 1
Packet Storm
added 2025/03/24 12:0 a.m. · 129 views

TranzAxis 3.2.41.10.26 Cross Site Scripting

TranzAxis version 3.2.41.10.26 suffers from a persistent cross site scripting vulnerability. Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting XSS Authenticated Date: 10th, March, 2025 Exploit Author: ABABANK REDTEAM Vendor Homepage: https://compassplustechnologies.com/ Version:...

AI score 6.6
Exploits 0
Cvelist
added 2024/12/11 3:54 p.m. · 18 views

CVE-2024-28141 Cross-Site Request-Forgery

The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the...

EPSS 0.00102
Exploits 0 · References 2
Packet Storm
added 2024/10/15 12:0 a.m. · 430 views

Dolibarr 20.0.1 SQL Injection

Titles: dolibarr 20.0.1 Multiple security token SQLi Author: nu11secur1ty Date: 10/15/2024 Vendor: https://www.dolibarr.org/ Software: https://www.dolibarr.org/downloads.php Reference: https://portswigger.net/web-security/sql-injection Description: The socid parameter appears to be vulnerable to...

AI score 7.4
Exploits 0
Veracode
added 2022/12/08 3:54 a.m. · 32 views

Denial Of Service (DoS)

github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the CRI stream server of httpstream.go due to exhausted memory on the host, which allows an attacker to cause an application crash via issuing a faulty command...

CVSS 6.5 · AI score 6.3 · EPSS 0.00259
Exploits 0 · References 7 · Affected Software 4
CNVD
added 2022/04/18 12:0 a.m. · 3 views

MariaDB item_func.cc:148 Denial of Service Vulnerability

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A denial of service vulnerability exists in MariaDB v10.9 and lower, which stems from a segmentation error in component sql/item_func.cc:148. An...

CVSS 7.5 · AI score 6.4 · EPSS 0.00244
Exploits 1 · References 1
OSV
added 2022/04/12 5:15 p.m. · 5 views

CVE-2021-39796

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

CVSS 7.3 · AI score 7.2
Exploits 0 · References 1
Redos
added 2021/12/24 12:0 a.m. · 11 views

ROS-2-1660

2.1660 Denial of Service in libX11 CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...

CVSS 9.8 · AI score 9.4 · EPSS 0.05481
Exploits 2
Kitploit
added 2021/01/22 8:30 p.m. · 79 views

Sigurlx - A Web Application Attack Surface Mapping Tool

sigurlx a web application attack surface mapping tool, it does ...: Categorize URLs URLs' categories: endpoint js js style css data json|xml|csv archive zip|tar|tar.gz doc pdf|xlsx|doc|docx|txt media jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff Next, probe HTTP requests to th...

AI score 7.1
Exploits 0 · References 8
CNVD
added 2020/08/13 12:0 a.m. · 2 views

Microsoft Windows Work Folders Service Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows Work Folders Service,...

CVSS 7.8 · AI score 7.3 · EPSS 0.00399
Exploits 0 · References 1
BDU FSTEC
added 2019/08/27 12:0 a.m. · 1 views

The vulnerability of the Windows Graphics component of the Windows operating system allows attackers to disclose protected information.

The vulnerability of the Windows Graphics component of the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially created application...

CVSS 5.5 · AI score 5.4 · EPSS 0.00743
Exploits 0 · References 2
BDU FSTEC
added 2019/07/23 12:0 a.m. · 2 views

The vulnerability of the Unistore.dll library in the Windows operating system, which allows a hacker to disclose protected information

The vulnerability of the Unistore.dll library in the Windows operating system is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially created application...

CVSS 5.5 · AI score 5.4 · EPSS 0.01189
Exploits 0 · References 4
UbuntuCve
added 2019/04/21 2:29 a.m. · 13 views

CVE-2019-11390

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition operators. NOT...

CVSS 5.3 · AI score 6.1 · EPSS 0.0051
Exploits 1 · References 2
OSV
added 2019/04/21 2:29 a.m. · 0 views

UBUNTU-CVE-2019-11389

DISPUTED An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE:...

CVSS 5.3 · AI score 6.1 · EPSS 0.0051
Exploits 1 · References 3
Prion
added 2019/04/21 2:29 a.m. · 16 views

Design/Logic Flaw

DISPUTED An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: t...

CVSS 5 · AI score 5.3 · EPSS 0.00413
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2019/04/21 12:0 a.m. · 3 views

PT-2019-12277 · Owasp +1 · Owasp Modsecurity Core Rule Set +1

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions through 3.1.0 Description: An issue was discovered that allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested...

CVSS 5.3 · AI score 6.9 · EPSS 0.00413
Exploits 1 · References 11