Denial of Service (DoS)
Overview: org.springframework.data:spring-data-commons is a Maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service (DoS) via data binding. An attacker can exhaust system memory resources by...
EUVD-2026-35902
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...
CVE-2026-41721
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...
CVE-2026-41721
Spring Data Commons vulnerability (CVE-2026-41721) can cause a Denial of Service when Spring Data Web Support is enabled and a controller uses @ProjectedPayload; a specially crafted HTTP request may cause excessive memory allocation. Affected versions include Spring Data Commons 4.0.0–4.0.5; 3.5....
EUVD-2025-176380
Malicious code in signal-quick-proxy-data-web npm...
EUVD-2012-4672
Malware in sbrugna...
EUVD-2022-51613
Malicious code in bioql PyPI...
CVE-2022-4257
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...
CVE-2005-1586
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or ...
CyberoamOS Web Interface Detection
Binary data sophoscyberoamoswebdetect.nbin...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
Improper access control
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=configsave&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword...
PT-2023-5239 · Unknown · C-Data Web Management System
Name of the Vulnerable Software and Affected Versions: C-DATA Web Management System up to 20230607. Description: A critical issue affects the User Creation Handler component of the C-DATA Web Management System, specifically the file /cgi-bin/jumpto.php?class=user&page=configsave&isphp=1. The...
C-DATA Web Management System access control error vulnerability
C-DATA Web Management System is a web management system from China-based C-DATA Corporation. An access control error vulnerability exists in C-DATA Web Management System version 20230607 and earlier, which stems from a problem with the file /cgi-bin/jumpto.php?class=user&page=configsave&isphp=1,...
Design/Logic Flaw
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...
CVE-2022-4257 C-DATA Web Management System GET Parameter jumpto.php argument injection
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...
CVE-2022-4257
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...
PT-2022-26501 · Unknown · C-Data Web Management System
Name of the Vulnerable Software and Affected Versions: C-DATA Web Management System (affected versions not specified). Description: A critical issue affects the C-DATA Web Management System, specifically the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the...
CVE-2022-36325
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...