46 matches found

Vulnrichment
added 2025/10/07 2:42 p.m. | 3 views

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request (hundreds of megabytes or...

CVSS 7.5 | AI score 6.3 | EPSS 0.00107
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2016-1613

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.00206
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-6386

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.00106
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-12701

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.1 | EPSS 0.01788
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 7:5 p.m. | 7 views

CVE-2021-1915

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVSS 7.8 | AI score 7.2 | EPSS 0.00035
Exploits: 0 | References: 1

CNVD
added 2024/05/30 12:0 a.m. | 2 views

SAP Global Label Management SQL Injection Vulnerability

SAP Global Label Management is a global label management system from SAP. SAP Global Label Management suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal S...

CVSS 4.2 | AI score 7.8 | EPSS 0.00084
Exploits: 0 | References: 1

Cvelist
added 2023/06/23 9:55 p.m. | 12 views

CVE-2023-1783 OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

CVSS 6.5 | AI score 7.6 | EPSS 0.00098
Exploits: 1 | References: 2

CNNVD
added 2022/03/11 12:0 a.m. | 1 view

Orchard Core Cross-Site Scripting Vulnerability

Net Core, an open source modular and multi-tenant application framework built using Asp.Net Core, and a content management system (CMS) built on top of the framework. A cross-site scripting vulnerability exists in Orchard Core, which stems from the lack of proper validation of client-side data in th...

CVSS 6.1 | AI score 5.4 | EPSS 0.0034
Exploits: 1 | References: 3

CNNVD
added 2022/02/24 12:0 a.m. | 2 views

FUEL CMS Cross-Site Scripting Vulnerability

FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. Version 1.5.1 of FUEL CMS suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to...

CVSS 5.4 | AI score 5.4 | EPSS 0.00191
Exploits: 1 | References: 2

CNVD
added 2021/11/04 12:0 a.m. | 6 views

Linux kernel input validation error vulnerability (CNVD-2021-87041)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.14.16 that stems from insufficient application validation of the size of the MSG_CRYPTO message type. No...

CVSS 9.8 | AI score 6.6 | EPSS 0.72624
Exploits: 2 | References: 1

CNNVD
added 2021/10/04 12:0 a.m. | 2 views

Bosch Rexroth IndraMotion Mlc Cross-Site Scripting Vulnerability

The Bosch Rexroth IndraMotion Mlc is a new device that combines motion and logic control, as well as robot control. A cross-site scripting vulnerability exists in the Bosch Rexroth IndraMotion Mlc, which stems from the lack of proper validation of client-side data by the web application. An attack...

CVSS 10 | AI score 5.3 | EPSS 0.00306
Exploits: 0 | References: 2

CNNVD
added 2021/02/16 12:0 a.m. | 3 views

Secomea SiteManager Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Secomea SiteManager that stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...

CVSS 5.4 | AI score 6 | EPSS 0.00272
Exploits: 0 | References: 2

CNNVD
added 2021/02/11 12:0 a.m. | 2 views

F5 BIG-IP AFM Cross-Site Scripting Vulnerability

F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDoS attacks. A cross-site scripting vulnerability exists in BIG-IP AFM, which originates from the lack of proper validation of client data by a web application. An attacker can exploit this vulnerability to execute...

CVSS 5.4 | AI score 6.6 | EPSS 0.00223
Exploits: 0 | References: 4

CNNVD
added 2021/02/09 12:0 a.m. | 3 views

Tufin SecureTrack R20-2 GA Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in the Tufin SecureTrack R20-2 GA that stems from a lack of proper validation of client-side data by a web application. An attacker can exploit this vulnerability to execute client-side code...

CVSS 5.9 | AI score 6.2 | EPSS 0.00151
Exploits: 0 | References: 1

CNVD
added 2020/11/09 12:0 a.m. | 2 views

QNAP Systems TS-870 Cross-Site Scripting Vulnerability

QNAP Systems TS-870 is a NAS (Network Attached Storage) appliance from China Weilian QNAP Systems. A cross-site scripting vulnerability exists in PhotoStation Filenames in the QNAP Systems TS-870 using firmware version 4.3.4.0486. The vulnerability stems from a lack of proper validation of client...

CVSS 6.1 | AI score 6.4 | EPSS 0.00415
Exploits: 0 | References: 1

CNVD
added 2020/08/18 12:0 a.m. | 4 views

Teradici PCoIP Management Console Cross-Site Scripting Vulnerability

Teradici PCoIP Management Console is a console program for managing PCoIP clients from Teradici Canada. A cross-site scripting vulnerability exists in Teradici PCoIP Management Console versions prior to 20.07. The vulnerability stems from a lack of proper validation of client data by the web...

CVSS 6.1 | AI score 6.2 | EPSS 0.00359
Exploits: 0 | References: 1

CNVD
added 2020/08/14 12:0 a.m. | 3 views

CloudBees Jenkins and LTS Cross-Site Scripting Vulnerability (CNVD-2020-46328)

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. LTS is a long-term support for...

CVSS 5.4 | AI score 6.3 | EPSS 0.02572
Exploits: 3 | References: 1

CNVD
added 2020/07/09 12:0 a.m. | 3 views

phpList cross-site scripting vulnerability (CNVD-2020-41811)

phpList is an open source newsletter and email marketing software from phpList UK. A cross-site scripting vulnerability exists in phpList 3.5.4 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...

CVSS 5.4 | AI score 6.3 | EPSS 0.0043
Exploits: 1 | References: 1

CNVD
added 2020/04/26 12:0 a.m. | 1 view

NETGEAR R6700 and R6900 Cross-Site Scripting Vulnerability

The NETGEAR R6700 and NETGEAR R6900 are both wireless routers from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR R6700 prior to version 1.0.1.36 and the R6900 prior to version 1.0.1.34, which stems from a lack of proper validation of client data by a web application and can...

CVSS 6.1 | AI score 6.4 | EPSS 0.00273
Exploits: 0 | References: 1

CNVD
added 2020/04/23 12:0 a.m. | 2 views

Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-31238)

NETGEAR D6200 and others are products of NETGEAR Corporation. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. ...

CVSS 6.1 | AI score 6.4 | EPSS 0.00332
Exploits: 0 | References: 1