Lucene search
K

18 matches found

EUVD
EUVD
added 2026/06/01 3:32 a.m.19 views

EUVD-2026-33547

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS6AI score0.00219EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 1:40 p.m.5 views

GHSA-M675-2P33-XV9G Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...

8.1CVSS6.5AI score0.00399EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/03/31 9:59 a.m.4 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 12:30 p.m.6 views

EUVD-2019-19996

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...

9.8CVSS6.4AI score0.00802EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.7 views

PT-2026-27362

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...

9.8CVSS6.4AI score0.00802EPSS
Exploits0References5
OSV
OSV
added 2026/02/04 9:51 a.m.4 views

USN-8011-1 emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...

8.8CVSS7.6AI score0.02657EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/02/04 9:51 a.m.9 views

USN-8011-1: Emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...

8.8CVSS6AI score0.02657EPSS
Exploits0
Veracode
Veracode
added 2026/01/23 3:55 a.m.6 views

Improper Certificate Validation

wlc is vulnerable to improper certificate validation. The vulnerability is due to skipped SSL verification for specially crafted URLs, which allows an attacker to perform man-in-the-middle attacks and intercept or manipulate communications...

5.5CVSS5.9AI score0.00134EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:49 p.m.3 views

CVE-2025-58095

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.5AI score0.0024EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/17 8:7 p.m.4 views

CVE-2025-36357 IBM Planning Analytics Local Directory Traversal

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

8CVSS7.2AI score0.00686EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/01 6:40 a.m.2 views

Open Redirect

Overview oarepo-vocabularies is a Support for custom fields and hierarchy on Invenio vocabularies Affected versions of this package are vulnerable to Open Redirect. PoC via the createurlrules function in the ui/resources/vocabularytype/resource.py file. An attacker can redirect a victim user to a...

9.3CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/01/08 8:8 a.m.0 views

PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting

Overview MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.8CVSS5.9AI score0.00284EPSS
Exploits0References5
OSV
OSV
added 2024/03/07 9:15 a.m.4 views

CVE-2023-42662

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration...

6.5CVSS5.8AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2021/02/02 3:15 p.m.1 views

CVE-2020-4934

IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 191752...

4.3CVSS5.8AI score0.01822EPSS
Exploits0References2
OSV
OSV
added 2021/01/27 5:15 p.m.4 views

CVE-2020-4789

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM...

6.5CVSS5.9AI score0.02553EPSS
Exploits0References2
CNVD
CNVD
added 2018/10/10 12:0 a.m.6 views

Microsoft Windows Shell Remote Code Execution Vulnerability (CNVD-2018-20874)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. A Windows Shell is an interface under Windows that interacts with the user and allows the user to perform public tasks such as accessing the file system, exporting executable programs,...

7.6CVSS8.3AI score0.558EPSS
Exploits1References1
OSV
OSV
added 2018/04/04 1:29 p.m.4 views

CVE-2017-3965

Cross-Site Request Forgery CSRF aka Session Riding vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted...

8.8CVSS5.8AI score0.00549EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/11/26 12:0 a.m.4 views

The vulnerability of WebSphere Application Server’s application servers allows attackers to inject arbitrary HTTP headers.

The vulnerability of WebSphere Application Server applications stems from a lack of handling of CRLF sequences in HTTP headers. Exploiting this vulnerability allows an attacker to inject arbitrary HTTP headers using a specially crafted URL...

4.3CVSS6.5AI score0.01876EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder