18 matches found
EUVD-2026-33547
An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...
GHSA-M675-2P33-XV9G Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...
Important: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
EUVD-2019-19996
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...
PT-2026-27362
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...
USN-8011-1 emacs vulnerabilities
It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...
USN-8011-1: Emacs vulnerabilities
It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...
Improper Certificate Validation
wlc is vulnerable to improper certificate validation. The vulnerability is due to skipped SSL verification for specially crafted URLs, which allows an attacker to perform man-in-the-middle attacks and intercept or manipulate communications...
CVE-2025-58095
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-36357 IBM Planning Analytics Local Directory Traversal
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...
Open Redirect
Overview oarepo-vocabularies is a Support for custom fields and hierarchy on Invenio vocabularies Affected versions of this package are vulnerable to Open Redirect. PoC via the createurlrules function in the ui/resources/vocabularytype/resource.py file. An attacker can redirect a victim user to a...
PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
Overview MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2023-42662
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration...
CVE-2020-4934
IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 191752...
CVE-2020-4789
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM...
Microsoft Windows Shell Remote Code Execution Vulnerability (CNVD-2018-20874)
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. A Windows Shell is an interface under Windows that interacts with the user and allows the user to perform public tasks such as accessing the file system, exporting executable programs,...
CVE-2017-3965
Cross-Site Request Forgery CSRF aka Session Riding vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted...
The vulnerability of WebSphere Application Server’s application servers allows attackers to inject arbitrary HTTP headers.
The vulnerability of WebSphere Application Server applications stems from a lack of handling of CRLF sequences in HTTP headers. Exploiting this vulnerability allows an attacker to inject arbitrary HTTP headers using a specially crafted URL...