13 matches found
WordPress plugin Gravity Forms cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
EUVD-2022-5162
Malicious code in bioql PyPI...
EUVD-2022-0479
Malicious code in bioql PyPI...
CVE-2022-43955
An improper neutralization of input during web page generation (CWE-79) in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross si...
springframework: malicious input leads to insertion of additional log entries
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
Log entry injection in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
GHSA-6GF2-PVQW-37PH Log entry injection in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
DEBIAN-CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
SUSE-SU-2019:3248-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship bsc1156321...
Cisco Firepower Threat Defense Device Manager Web UI Request Handling Arbitrary Log Entry Injection (cisco-sa-20170201-fpw2)
According to its version and configuration, the Cisco Firepower Threat Defense (FTD) software installed on the remote device is affected by an arbitrary log entry injection vulnerability in the Firepower Device Manager (FDM) due to improper validation of user-supplied input. An unauthenticated, remot...
Atlassian Crowd LDAP Entry Injection Vulnerability
Atlassian Crowd is a web-based single sign-on system. A security vulnerability exists in Atlassian Crowd that could be exploited by a remote attacker to submit a special LDAP entry that injects malicious elements to execute arbitrary code...
Mailman < 2.1.9rc1 Spoofed Log Entry Injection
Binary data 3737.prm...