4153 matches found
iputils: Signed Integer Overflow in Timestamp Multiplication in iputils ping
A flaw was found in iputils ping, where a signed integer overflow occurs in timestamp multiplication. This issue could lead to incorrect timestamp calculations or denial of service when processing crafted ICMP Echo Reply packets...
CVE-2025-6509 seaswalker spring-analysis SimpleController.java echo cross site scripting
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads...
CVE-2025-49312
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a...
CVE-2025-49312
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a...
CVE-2025-49312 WordPress Echo RSS Feed Post Generator Plugin for WordPress plugin <= 5.4.8.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a...
CVE-2025-49312
CVE-2025-49312 – Reflected Cross-Site Scripting in the WordPress plugin CodeRevolution Echo RSS Feed Post Generator . The vulnerability arises from improper neutralization of input during web page generation, enabling a reflected XSS attack. Affected software: Echo RSS Feed Post Generator Plugin ...
PT-2025-25705 · WordPress · Coderevolution Echo Rss Feed Post Generator Plugin
Name of the Vulnerable Software and Affected Versions: CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress versions through 5.4.8.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...
SUSE CVE-2025-48964
ping in iputils before 20250602 allows a denial of service application error in adaptive ping mode or incorrect data collection via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics...
Mageia: Security Advisory (MGASA-2025-0163)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2025-0163 Updated iputils packages fix security vulnerability
ping in iputils through 20240905 allows a denial of service application error or incorrect data collection via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. CVE-2025-47268...
CVE-2023-33248
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz often outside the range of human adult hearing. Commands at these frequencies are essentially...
CVE-2022-25809
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill in the case of remote attackers or by pairing a malicious Bluetooth device in the case of physically proximate attackers, aka...
CVE-2022-40083
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery SSRF...
CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $REQUEST'pkgfilter' in a PHP echo call, causing XSS...
CVE-2021-37436
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...
CVE-2021-36122
An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParseSup/UnzipFileUpd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject...
CVE-2021-33578
Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language SQL records, and manipulate data...
CVE-2021-36123
An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on...
CVE-2021-36124
An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection...
CVE-2020-13775
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash with a NULL pointer dereference if echo-message is not enabled and there is no network...