
7 matches found

Snyk
added 2025/03/03 10:5 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview: cgi provides support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Util#escapeElement method. An attacker can cause high CPU consumption by providing malicious input. Details: Denial of Service...

7.5 CVSS | 6.8 AI score | 0.00702 EPSS
Exploits 0 | References 2
CNVD
added 2024/10/10 12:0 a.m. | 3 views

Siemens Simcenter Nastran Heap Buffer Overflow Vulnerability

Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A heap buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...

7.8 CVSS | 7.5 AI score | 0.00221 EPSS
Exploits 0 | References 1
CNVD
added 2024/10/10 12:0 a.m. | 3 views

Siemens Simcenter Nastran Memory Corruption Vulnerability

Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A memory corruption vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...

7.8 CVSS | 7.2 AI score | 0.00242 EPSS
Exploits 0 | References 1
Github Security Blog
added 2024/03/14 8:37 p.m. | 27 views

Whoogle Search Cross-site Scripting vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

6.1 CVSS | 6.1 AI score | 0.0063 EPSS
Exploits 1 | References 11 | Affected Software 1
CNVD
added 2022/01/27 12:0 a.m. | 26 views

FreeCAD ODA Command Injection Vulnerability

FreeCAD is a free and open source general-purpose parametric 3D CAD modeler from the FreeCAD community and supports the finite element method of building information modeling software. A command injection vulnerability exists in FreeCAD version 0.19, which stems from improper cleanup when calling...

7.8 CVSS | 7.5 AI score | 0.01102 EPSS
Exploits 1 | References 1
RedHat Linux
added 2019/10/22 1:50 p.m. | 3 views

dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...

7.5 CVSS | 7.2 AI score | 0.0657 EPSS
Exploits 1 | References 4
Positive Technologies
added 2018/07/01 12:0 a.m. | 6 views

PT-2018-9485

Name of the Vulnerable Software and Affected Versions: dom4j versions prior to 2.1.1. Description: The issue is related to an XML Injection vulnerability in the Class: Element, specifically in the addElement and addAttribute methods. This can result in an attacker tampering with XML documents throug...

7.8 CVSS | 6.7 AI score | 0.0657 EPSS
Exploits 1 | References 77