448 matches found
xhtml2pdf Denial of Service via crafted string
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDoS) by supplying a crafted string...
CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDoS) by supplying a crafted string...
xhtml2pdf security vulnerability
xhtml2pdf is an open source HTML to PDF converter using Python, ReportLab Toolkit, html5lib and pypdf. A security vulnerability exists in xhtml2pdf version 0.2.13, which stems from a problem in the getcolor function of utils.py, allowing an attacker to cause a regular expression denial ...
CVE-2024-25707
A reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...
CVE-2024-25707 BUG-000160241 - Reflected XSS in Portal for ArcGIS
A reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...
CVE-2024-25707
CVE-2024-25707 is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and earlier. The issue allows an authenticated user with administrative privileges to supply a crafted string that could cause arbitrary JavaScript execution in their own browser (Self XSS). The vulner...
GHSA-4GXJ-5MMR-7PXQ NASA AIT-Core vulnerable to remote code execution
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code by supplying a crafted string...
CVE-2024-35058
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code by supplying a crafted string...
NASA AIT-Core security vulnerability
NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version v2.5.2, which stems from a vulnerability that allows an attacker to execute arbitrary code via a crafted string...
Siemens Simcenter Nastran security vulnerability
Simcenter Nastran is a finite element method solver. A stack buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process when an affected application parses a specific string as a parameter to an...
CVE-2024-31741
A Cross-Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via a crafted string in the URL after login...
CVE-2024-31741
MiniCMS v1.11 has a Cross-Site Scripting vulnerability that allows a remote attacker to execute arbitrary code via a crafted string in the URL after login. Exploitation may require user interaction per CVSS metrics (UI:R) and is classified with MEDIUM impact. Public sources (CNVD/CNNVD/NVD) descr...
CVE-2024-27351
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...
Cross site scripting
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via a crafted string after the groupid parameter...
CVE-2024-25369
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via a crafted string after the groupid parameter...
GHSA-6P78-F7H9-6838 Craft CMS Feed-Me
An issue discovered in Craft CMS version 4.6.1.1 allows remote attackers to cause a denial of service (DoS) via a crafted string in the Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected...