27 matches found
CVE-2026-35046
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary...
EUVD-2020-0564
Malware in sbrugna...
EUVD-2018-0180
Malware in sbrugna...
EUVD-2022-49806
Malicious code in bioql PyPI...
GO-2025-3807 Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast...
CVE-2018-20586
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...
Exploit for HTTP Request Smuggling in Sap Content_Server
CVE-2022-22536: HTTP Smuggling Through SAP's Front Door SAP Ne...
CVE-2024-5594
OpenVPN before 2.6.11 does not sanitize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...
kernel: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
In the Linux kernel's net/sched taprio, TCA_TAPRIO_ATTR_PRIOMAP is not correctly validated if multiple calls to taprio_change occur. This can allow arbitrary data to be injected to the kernel...
UBUNTU-CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt must validate it, or userspace can inject arbitrary data to the kernel, the second time...
CVE-2023-42450
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
Windows 10 Input Validation Error Vulnerability
Microsoft Windows 10 is a suite of operating systems for use on personal computers from the American company Microsoft. A security vulnerability exists in Windows 10 driver version 6.1316.1209. An attacker can inject arbitrary data frames independent of the network configuration...
Design/Logic Flaw
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration...
Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Plus (CVE-2020-5023)
Summary: IBM Spectrum Protect Plus may be vulnerable to a denial of service attack when arbitrary data injection/parameter fuzzing is performed. Vulnerability Details: CVEID: CVE-2020-5023 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote user to inject arbitrary data which could cause t...
Insecure Cryptography
typo3/cms is vulnerable to insecure cryptography. The vulnerability exists because it was possible to generate arbitrary checksums that allows the injection of arbitrary data...
Potential Remote Code Execution in TYPO3 with mediace extension
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9.1 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...