CVE-2024-21538

A Regular Expression Denial of Service ReDoS vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string...

Regular Expression Denial of Service (ReDoS) in cross-spawn

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

CVE-2024-21538

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

xhtml2pdf Denial of Service via crafted string

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service ReDOS via supplying a crafted string...

CVE-2024-25885

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service ReDOS via supplying a crafted string...

CVE-2024-25885

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service ReDOS via supplying a crafted string...

CVE-2024-25885

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service ReDOS via supplying a crafted string...

CVE-2024-25885

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service ReDOS via supplying a crafted string...

xhtml2pdf 安全漏洞

xhtml2pdf is xhtml2pdf open source an HTML to PDF converter using Python, ReportLab Toolkit, html5lib and pypdf. A security vulnerability exists in xhtml2pdf version 0.2.13, which stems from a problem in the getcolor function of utils.py, allowing an attacker to cause a regular expression denial ...

CVE-2024-25707

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...

CVE-2024-25707 BUG-000160241 - Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...

CVE-2024-25707

CVE-2024-25707 is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and earlier. The issue allows an authenticated user with administrative privileges to supply a crafted string that could cause arbitrary JavaScript execution in their own browser (Self XSS). The vulner...

GHSA-4GXJ-5MMR-7PXQ NASA AIT-Core vulnerable to remote code execution

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...

CVE-2024-35058

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...

CVE-2024-35058

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...

NASA AIT-Core 安全漏洞

NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version v2.5.2, which stems from a vulnerability that allows an attacker to execute arbitrary code via a crafted string...

Siemens Simcenter Nastran 安全漏洞

Simcenter Nastran is a finite element method solver. A stack buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process when an affected application parses a specific string as a parameter to an...

CVE-2024-31741

Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login...

CVE-2024-31741

MiniCMS v1.11 has a Cross-Site Scripting vulnerability that allows a remote attacker to execute arbitrary code via a crafted string in the URL after login. Exploitation may require user interaction per CVSS metrics (UI:R) and is classified with MEDIUM impact. Public sources (CNVD/CNNVD/NVD) descr...

CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...