30 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49014
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry...
EUVD-2026-32573
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq,...
MAL-2026-509 Malicious code in @sommos/create-program-template-form-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa7bdf06061a821a92bec72c1ea8826213552ec4486d81e7776553a74293dd79 The package @sommos/create-program-template-form-data was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-14934
NSF Unidata NetCDF-C has a stack-based buffer overflow in parsing variable names that leads to remote code execution. The flaw arises from insufficient validation of user-supplied data length before copying to a fixed-length stack buffer. Exploitation requires user interaction (target must visit ...
CVE-2025-14935
CVE-2025-14935 affects NSF Unidata NetCDF-C. The flaw is a heap-based buffer overflow in parsing of dimension names caused by insufficient validation of the length of user-supplied data before copying to a fixed-length heap buffer. This can enable remote code execution in the context of the curre...
EUVD-2008-2074
Malware in sbrugna...
Allocation of Resources Without Limits or Throttling
Overview com.liferay:com.liferay.dynamic.data.mapping.form.web is a Liferay Dynamic Data Mapping Form Web. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the lack of temporary file deletions in the forms upload field. An attacker c...
CVE-2023-33257
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat...
CVE-2023-33257
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat...
CVE-2023-33257
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat...
CVE-2023-33257
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat...
CVE-2023-33257
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat...
PT-2023-24250 · Verint · Verint Engagement Management
Name of the Vulnerable Software and Affected Versions: Verint Engagement Management version 15.3 Update 2023R2 Description: The issue concerns HTML injection via the user data form in the live chat. This allows for potential malicious code injection. Recommendations: For Verint Engagement...
SUSE CVE-2019-11761
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox 70,...
Apache Superset 跨站脚本漏洞
A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the upload data form to properly render user input, which could be exploited by an attacker to cause a cross-sit...
PT-2020-2265 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to an unlimit...
Mozilla: Unintended access to a privileged JSONView object
A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network...
Mozilla: Unintended access to a privileged JSONView object
A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network...
Mozilla: Unintended access to a privileged JSONView object
A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network...
CVE-2018-1000847
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting XSS vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Ful...