7 matches found

Snyk
added 2025/03/03 10:5 p.m. · 2 views

Regular Expression Denial of Service (ReDoS)

Overview: cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Util#escapeElement method. An attacker can cause high CPU consumption by providing malicious input. Details: Denial of Service...

CVSS 7.5 · AI score 6.8 · EPSS 0.00246
Exploits 0 · References 2
CNVD
added 2024/10/10 12:0 a.m. · 3 views

Siemens Simcenter Nastran Memory Corruption Vulnerability

Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A memory corruption vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8 · AI score 7.2 · EPSS 0.00111
Exploits 0 · References 1
CNVD
added 2024/10/10 12:0 a.m. · 3 views

Siemens Simcenter Nastran Heap Buffer Overflow Vulnerability

Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A heap buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8 · AI score 7.5 · EPSS 0.00045
Exploits 0 · References 1
Github Security Blog
added 2024/03/14 8:37 p.m. · 22 views

Whoogle Search Cross-site Scripting vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

CVSS 6.1 · AI score 6.1 · EPSS 0.00468
Exploits 1 · References 11 · Affected Software 1
CNVD
added 2022/01/27 12:0 a.m. · 24 views

FreeCAD ODA Command Injection Vulnerability

FreeCAD is a free and open source general-purpose parametric 3D CAD modeler from the FreeCAD community and supports the finite element method of building information modeling software. A command injection vulnerability exists in FreeCAD version 0.19, which stems from improper cleanup when calling...

CVSS 7.8 · AI score 7.5 · EPSS 0.00341
Exploits 1 · References 1
RedHat Linux
added 2019/10/22 1:50 p.m. · 2 views

dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...

CVSS 7.5 · AI score 7.2 · EPSS 0.01611
Exploits 1 · References 4
Positive Technologies
added 2018/08/20 12:0 a.m. · 2 views

PT-2018-9485 · Dom4J +2

Name of the Vulnerable Software and Affected Versions: dom4j versions prior to 2.1.1. Description: The issue is related to an XML Injection vulnerability in the Class: Element, specifically in the addElement and addAttribute methods. This can result in an attacker tampering with XML documents...

CVSS 9.8 · AI score 6.7 · EPSS 0.0696
Exploits 1 · References 84