13681 matches found
CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25190
CVE-2025-25190 affects the ZOO-Project Web Processing Service (WPS) EchoProcess, where user input is echoed without proper sanitization. The vulnerability arises when handling complex inputs (XML, JSON, SVG); processing SVG content returned with image/svg+xml can expose arbitrary JavaScript via a...
CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
CVE-2025-25189
CVE-2025-25189 describes a reflected cross-site scripting vulnerability in the ZOO-Project Web Processing Service (WPS) publish.py CGI script, prior to commit 7a5ae1a. The issue stems from the script reflecting the user-supplied jobid parameter into the HTML response without HTML encoding or sani...
UBUNTU-CVE-2024-57950
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 WHAT & HOW Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDEBYZERO, as reported by Coverity. cherry...
PT-2025-6112 · Unknown · Zoo-Project
Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The issue is related to a reflected Cross-Site Scripting vulnerability in the ZOO-Project Web Processing Service WPS publish.py CGI script. This vulnerability occurs because the script...
PT-2025-6113 · Unknown · Zoo-Project
Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service. The vulnerability exists because the EchoProcess service...
Azure Linux 3.0 Security Update: kernel (CVE-2024-43828)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43828 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying...
EulerOS 2.0 SP11 : subversion (EulerOS-SA-2025-1148)
According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated...
CVE-2024-25883
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...
DEBIAN-CVE-2024-57392
Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service DoS on the FTP service by sending a maliciously crafted message to the ProFTPD service port...
CVE-2024-25883
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...
CVE-2024-25883
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...
CVE-2021-37663
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...
CVE-2021-37676
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...
CVE-2024-25883
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...
CVE-2024-25883
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...
PT-2025-5876 · Unknown · Deep-Diver Llm-As-Chatbot
Name of the Vulnerable Software and Affected Versions: deep-diver LLM-As-Chatbot versions prior to commit 99c2c03 Description: The issue allows a remote attacker to execute arbitrary code via the modelsbyom.py component. Recommendations: For deep-diver LLM-As-Chatbot versions prior to commit...