Lucene search
+L

127 matches found

AlpineLinux
AlpineLinux
added 2026/04/13 9:50 p.m.4 views

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS5.8AI score0.00234EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-25683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying ...

6.9CVSS5.5AI score0.00173EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/05 9:30 p.m.8 views

EUVD-2019-20101

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS5.9AI score0.00173EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/04/05 9:16 p.m.6 views

CVE-2019-25683

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS5.9AI score0.00173EPSS
Exploits1References4
OSV
OSV
added 2026/04/05 9:16 p.m.5 views

UBUNTU-CVE-2019-25683

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS5.8AI score0.00173EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25683

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS5.9AI score0.00173EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.3 views

CVE-2019-25683 FileZilla 3.40.0 Denial of Service via Local Search

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS5.9AI score0.00173EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/05 8:45 p.m.22 views

CVE-2019-25683 FileZilla 3.40.0 Denial of Service via Local Search

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS0.00173EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.25 views

PT-2026-30491

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS5.9AI score0.00173EPSS
Exploits1References4
PyPA
PyPA
added 2026/04/03 4:16 a.m.4 views

PYSEC-2026-2287

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS6.4AI score0.00237EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/03 4:8 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

9.8CVSS6.3AI score0.00683EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29851

A newly disclosed stack buffer overflow CVE-2026-34124 affects specific TP-Link devices within their HTTP server, potentially leading to Denial of Service DoS. The vulnerability is triggered by malformed HTTP GET requests, with the original summary also indicating a similar POST body overflow...

7.1CVSS5.9AI score0.00296EPSS
Exploits0References9
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.290 views

📄 Vite 6.2.2 Arbitrary File Read

Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...

7.5CVSS6.6AI score0.74998EPSS
Exploits28
Github Security Blog
Github Security Blog
added 2026/01/15 9:31 p.m.15 views

Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS6.8AI score0.00343EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.4 views

Croogo 安全漏洞

Croogo is Croogo open source a set of CakePHP framework based on the development of content management system CMS. The system provides content type can be customized as Blog, Node, Page, content editing using WYSIWYG editor and other features. Croogo 4.0.7 version of a security vulnerability , th...

6.5CVSS6.4AI score0.00597EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/12/17 12:0 a.m.32 views

CVE-2025-65233

Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

0.00191EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/11 12:58 a.m.5 views

CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7CVSS6.3AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 6:15 p.m.3 views

CVE-2020-36881

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

7.8CVSS6.4AI score0.0032EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/05 5:20 p.m.8 views

EUVD-2020-30823

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

8.6CVSS7.5AI score0.0032EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/05 5:20 p.m.22 views

CVE-2020-36881 Flexsense DiskBoss 'Add Input Directory' Buffer Overflow

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

8.6CVSS0.0032EPSS
Exploits1References5
Rows per page
Query Builder