Lucene search

1072 matches found

CVE
added 2026/02/19 12:2 p.m. | 6 views

CVE-2019-25424

CVE-2019-25424 affects Comodo Dome Firewall 2.7.0. It describes a reflected cross-site scripting vulnerability in the https_exceptions endpoint, where unsanitized input to the EXCEPTIONSITELIST parameter can be posted to trigger JavaScript in users’ browsers and potentially capture session data. ...

6.1 CVSS | 5.6 AI score | 0.00017 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/19 12:2 p.m. | 20 views

CVE-2019-25424 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via https_exceptions

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https_exceptions endpoint with script payloads to execut...

6.1 CVSS | 0.00017 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2026/02/19 12:2 p.m. | 4 views

CVE-2019-25424 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via https_exceptions

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https_exceptions endpoint with script payloads to execut...

6.1 CVSS | 5.6 AI score | 0.00017 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/02/19 12:0 a.m. | 4 views

GFI MailEssentials AI security vulnerability

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability in...

5.4 CVSS | 5.6 AI score | 0.00045 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/02/19 12:0 a.m. | 5 views

GFI MailEssentials AI security vulnerability

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability in...

5.4 CVSS | 5.6 AI score | 0.00045 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2026/02/10 12:54 p.m. | 1 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/02/10 12:0 a.m. | 3 views

Intel Ethernet Controller E810 security vulnerability

The Intel Ethernet Controller E810 is a series of network controllers developed by the American company Intel. Versions of the Intel Ethernet Controller E810 that do not have the latest firmware 1.7.8.x contain security vulnerabilities. These vulnerabilities stem from unhandled exceptions, which...

6.7 CVSS | 5.9 AI score | 0.00029 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/02/10 12:0 a.m. | 4 views

AVEVA PI Data Archive PI Server security vulnerability

AVEVA PI Data Archive PI Server is a database engine developed by the British company AVEVA. There is a security vulnerability present in AVEVA PI Data Archive PI Server. This vulnerability stems from unhandled exceptions, which could allow unauthorized attackers to remotely crash core services a...

8.7 CVSS | 5.8 AI score | 0.00104 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/06 12:0 a.m. | 1 views

Fedora 42 : phpunit10 (2026-1d1c8f5df2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1d1c8f5df2 advisory. Version 10.5.63 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 10.5.62 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution P...

7.8 CVSS | 5.5 AI score | 0.00236 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2026/02/05 4:3 p.m. | 3 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/02/05 12:0 a.m. | 1 views

Fedora 43 : phpunit10 (2026-ff411cd463)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ff411cd463 advisory. Version 10.5.63 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 10.5.62 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution P...

7.8 CVSS | 5.6 AI score | 0.00236 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/02/05 12:0 a.m. | 5 views

10-Strike Network Inventory Explorer security vulnerability

10-Strike Network Inventory Explorer is a scanning software developed by 10-Strike Corporation. It is used to track hardware and software on network computers. Version 8.54 of 10-Strike Network Inventory Explorer contains a security vulnerability caused by improper handling of structured...

8.4 CVSS | 6 AI score | 0.00028 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/01/28 12:0 a.m. | 4 views

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability. This vulnerability stems from floating-point exceptions in the reshape component of Oneflow, which could lead to denial-of-service attacks...

6.5 CVSS | 5.8 AI score | 0.00042 EPSS
Exploits: 1 | References: 2
CVE
added 2026/01/21 6:56 p.m. | 9 views

CVE-2025-68135

EVerest (EV charging software stack) prior to version 2025.10.0 has a vulnerability in the TbdController loop where C++ exceptions are not properly handled, causing the loop and its caller to terminate silently and leading to a denial of service affecting SDP and ISO15118-20 servers. The issue is...

6.5 CVSS | 5.4 AI score | 0.00057 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Veracode
added 2026/01/21 9:12 a.m. | 7 views

Improper Access Control

github.com/kyverno/kyverno is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of multiple policy exceptions in enforce mode, which allows an attacker to bypass enforced policies by leveraging a less restrictive exception even when a more restrictive exception...

5.6 AI score
Exploits: 0
UbuntuCve
added 2026/01/20 9:16 p.m. | 3 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5 CVSS | 7.1 AI score | 0.00033 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2026/01/20 8:41 p.m. | 7 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5 CVSS | 7.3 AI score | 0.00033 EPSS
Exploits: 0
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : firefox-102.12.0-1.el8.ML.1 (AXSA:2023-6166:23)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6166:23 advisory. Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR...

9.8 CVSS | 8.5 AI score | 0.00321 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001195 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all...

7.8 CVSS | 6.7 AI score | 0.24723 EPSS
Exploits: 9 | References: 51
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000796)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000796 advisory. The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending...

4.7 CVSS | 7 AI score | 0.00044 EPSS
Exploits: 0 | References: 24