11187 matches found
EUVD-2016-10798
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...
CVE-2025-61116
AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...
PT-2025-44632
Name of the Vulnerable Software and Affected Versions: BEO GmbH BEO Atlas Einfuhr Ausfuhr version 3.0. Description: A reflected cross-site scripting (XSS) issue exists in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0. This allows attackers to execute arbitrary code within a user’s browser. Exploitation occur...
CVE-2018-25122
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
CVE-2016-15049
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...
CVE-2018-25122
Nagios XI
EUVD-2025-36734
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
Seeyon Zhiyuan OA Web Application System Security Vulnerability
Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA Web Application System 7.0 SP1 and prior versions, which stems from improper encoding and parsing of parameters in thirdpartyController.do, whic...
PT-2025-44537
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...
CVE-2025-58185
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
CVE-2025-58185
CVE-2025-58185 concerns Go’s encoding/asn1 DER payload parsing. The advisory notes that memory can be exhausted when big, unvalidated DER payloads are parsed, affecting functions such as asn1.Unmarshal, x509.ParseCertificateRequest, and ocsp.ParseResponse. This memory-allocation issue arises befo...
CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
CVE-2025-61723
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
GO-2025-4011 Parsing DER payload can cause memory exhaustion in encoding/asn1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
Allocation of Resources Without Limits or Throttling
Overview: std/encoding/asn1 is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causin...
Allocation of Resources Without Limits or Throttling
Overview: std/encoding/pem is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The processing time for parsing some invalid inputs scales non-linearly with respect to th...
CVE-2025-34305
IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...