Lucene search
K

108 matches found

RedHat Linux
RedHat Linux
added 6 days ago8 views

netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

A flaw was found in Netty. Netty's DNS Domain Name System codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...

9.1CVSS6.9AI score0.00969EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Tridium Niagara Improper Encoding or Escaping of Output (CVE-2025-3942)

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

7.5CVSS5.8AI score0.00239EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/06/16 12:0 a.m.9 views

Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

6.8CVSS5.4AI score0.0016EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in the screen

In GNU Screen’s encoding.c file, as of version 4.8.0, remote attackers can cause a denial of service attack invalid write access and application crash, or potentially cause unspecified other impacts due to a crafted UTF-8 character sequence...

9.8CVSS6.9AI score0.09147EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-42579

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

8.2CVSS5.8AI score0.00969EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/07 9:18 p.m.6 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

4.8CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 1:42 a.m.40 views

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

4.5CVSS0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-33911

Name of the Vulnerable Software and Affected Versions Zyxel WRE6505 v2 version V1.00ABDV.3C0 Description An improper encoding or escaping issue exists in the CGI program of the web management interface. An adjacent attacker on the WLAN can cause a denial-of-service condition by convincing an...

5.7CVSS6.1AI score0.00182EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/14 11:32 p.m.8 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 8:16 p.m.6 views

CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

7.5CVSS0.00461EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-31711

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116 Description A flaw exists within the JsonAccessLogValve component of Apache Tomcat related to improper encoding or escaping of output...

9.8CVSS5.8AI score0.21691EPSS
Exploits6References127
Snyk
Snyk
added 2026/03/27 10:22 p.m.7 views

Improper Encoding or Escaping of Output

Overview AWSSDK.Extensions.CloudFront.Signers is a package contains extension methods for creating signed URLs for Amazon CloudFront distributions and for creating signed cookies for Amazon CloudFront distributions using canned or custom policies. Affected versions of this package are vulnerable ...

9.3CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/03/09 9:38 p.m.43 views

CVE-2026-28688 ImageMagick has a heap use-after-free in the MSL encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write...

4CVSS0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.5 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

9.6CVSS5.4AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 7:23 p.m.4 views

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

6.5CVSS6.6AI score0.00505EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.8 views

PT-2026-3890

Name of the Vulnerable Software and Affected Versions seroval versions 1.4.0 and below Description seroval facilitates JavaScript value stringification, including complex structures beyond the capabilities of JSON.stringify. In affected versions, replacing encoded array lengths with excessively...

7.5CVSS5.3AI score0.00395EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.8 views

CVE-2019-16239

processhttpresponse in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes...

9.8CVSS6.8AI score0.03445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.8 views

CVE-2025-1774

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issu...

6.3CVSS7.5AI score0.00459EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:31 p.m.3 views

EUVD-2025-204361

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks...

6.9CVSS6.7AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-0919

Malware in sbrugna...

7.5CVSS6.4AI score0.01993EPSS
Exploits0References3
Rows per page
Query Builder