Lucene search
K

1177 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:50 p.m.6 views

CVE-2020-7947

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...

9.8CVSS7.1AI score0.02842EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:49 p.m.13 views

CVE-2020-7571

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation Cross-site Scripting Reflected vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...

5.4CVSS6.2AI score0.00835EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 a.m.6 views

CVE-2019-0093

Insufficient data sanitization vulnerability in HECI subsystem for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR SPS before version SPSE305.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access...

4.4CVSS6.1AI score0.00394EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.6 views

In Search of Lost Data: a Study of Flash Sanitization Practices

To avoid the disclosure of personal or corporate data, sanitization of storage devices is an important issue when such devices are to be reused. While poor sanitization practices have been reported for second-hand hard disk drives, it has been reported that data has been found on original storage...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/02 12:0 a.m.5 views

A False Sense of Privacy: Evaluating Textual Data Sanitization beyond Surface-Level Privacy Leakage

Whitepaper called A False Sense Of Privacy: Evaluating Textual Data Sanitization Beyond Surface-Level Privacy Leakage...

7.2AI score
Exploits0
OSV
OSV
added 2025/04/24 7:29 a.m.4 views

BIT-MOODLE-2024-43437 Moodle: xss risk when restoring malicious course backup file

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...

6.1CVSS6AI score0.00338EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of the web interface of the microprogramming software for routers EDIMAX BR-6478AC allows a hacker to elevate their privileges and execute arbitrary commands.

The vulnerability of the web interface of the microprogrammed software router EDIMAX BR-6478AC is related to the lack of measures taken for data cleaning at the management level. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands...

6.5CVSS5.8AI score0.07945EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2025/04/11 12:0 a.m.8 views

The vulnerability of the `setUpgradeFW()` function in TOTOLINK T8 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the setUpgradeFW function in TOTOLINK T8 router microprogramming software is related to the lack of measures taken to clean data at the management level when processing the slaveIpList parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10CVSS8.1AI score0.01946EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2025/04/09 5:57 p.m.4 views

Cross-site Scripting (XSS)

github.com/beego/beego is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper HTML escaping due to user-controlled data not being sanitized in the RenderForm function...

9.6CVSS6AI score0.0059EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/07 12:0 a.m.8 views

The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, stems from incorrect neutralization of special elements in the output data. This allows attackers to inject arbitrary SMTP commands.

The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability allows an attacker to inject arbitrary SMTP commands remotely...

10CVSS7.8AI score0.32348EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.9 views

The vulnerability of the cpython module in the Python programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the cPython programming language in Python is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8CVSS7AI score0.00647EPSS
Exploits0References18Affected Software14
Metasploit
Metasploit
added 2025/03/26 6:50 p.m.822 views

GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi

GLPI use auxiliary/gather/glpiinventorypluginunauthsqli msf auxiliaryglpiinventorypluginunauthsqli show actions ...actions... msf auxiliaryglpiinventorypluginunauthsqli set ACTION msf auxiliaryglpiinventorypluginunauthsqli show options ...show and set options... msf...

9.8CVSS6.4AI score0.86182EPSS
Exploits5
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.9 views

The vulnerability of the Command Line Interface (CLI) on the Microsoft Azure platform, which allows a hacker to increase their privileges

The vulnerability of the Command Line Interface CLI of the Microsoft Azure platform is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to increase their privileges...

8.4CVSS7.6AI score0.00403EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/03/06 12:0 a.m.7 views

The vulnerability of the telnetd daemon in the microprogramming router Tenda AC15 allows a hacker to execute arbitrary commands.

The vulnerability of the telnetd microprogramming system for Tenda AC15 routers is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafted requests...

10CVSS6AI score0.01605EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/02/10 10:11 p.m.50 views

CVE-2025-25190

CVE-2025-25190 affects the ZOO-Project Web Processing Service (WPS) EchoProcess, where user input is echoed without proper sanitization. The vulnerability arises when handling complex inputs (XML, JSON, SVG); processing SVG content returned with image/svg+xml can expose arbitrary JavaScript via a...

6.9CVSS5.3AI score0.00548EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:14 a.m.9 views

CVE-2024-51550

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

10CVSS7AI score0.01825EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:54 a.m.4 views

CVE-2024-6365

The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it...

9.8CVSS9.8AI score0.01211EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.8 views

The vulnerability of the telnetd daemon in the microprogramming-based router software of Tenda AC8, AC10, and AC18 allows a hacker to execute arbitrary commands.

The vulnerability of the telnetd microprogramming system for Tenda AC8, AC10, and AC18 routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS7.5AI score0.05813EPSS
Exploits1References3Affected Software3
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.6 views

PT-2025-1260 · Tenda · Tenda Ac10 +2

Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions 16.03.10.20 Tenda AC10 versions 16.03.10.20 Tenda AC18 versions 16.03.10.20 Description: A critical issue has been found in the HTTP Request Handler component of the affected devices, specifically in the /goform/telnet file...

8.6CVSS7.5AI score0.05813EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2025/01/09 12:0 a.m.8 views

The vulnerability in the web interface of the microprogramming software for wireless client bridges from HPE Aruba Networking 501 allows a attacker to execute arbitrary code in the device’s basic operating system.

The vulnerability of the web interface for managing microprogramming software in HPE Aruba Networking 501 wireless client bridges is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the...

9CVSS5.9AI score0.0155EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder