PT-2024-37976 · Pdf.Js +1 · Pdf.Js +1
Name of the Vulnerable Software and Affected Versions: SiYuan version 3.1.0. Description: A vulnerability has been found in the PDF Handler component, specifically in the file PDF.js, which can lead to cross-site scripting. The attack can be launched remotely. The issue affects an unknown...
PT-2024-6580 · Hikvision · Hikvision Ds-7604Ni-K1/4P +1
Name of the Vulnerable Software and Affected Versions: Hikvision NVRs (affected versions not specified); Hikvision DS-7604NI-K1/4PB (affected versions not specified). Description: The issue is related to a NULL pointer dereference vulnerability. It is caused by insufficient validation of a parameter in...
CVE-2024-1064
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header...
sqlite: heap-buffer-overflow at sessionfuzz
A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function in the file ext/session/sqlite3session.c of the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur...
CVE-2023-7104
A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function in the file ext/session/sqlite3session.c of the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur. Mitigation: Mitigation for this issue is either not available or...
GHSA-625P-JWCP-R2R5 Corveda PHPSandbox Protection Mechanism Failure vulnerability
A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able t...
PT-2023-26447 · Unknown · Moosocial Moodating
Name of the Vulnerable Software and Affected Versions: mooSocial mooDating version 1.2. Description: A problematic vulnerability has been found in the URL Handler component, affecting an unknown part of the file /pages. The manipulation leads to cross site scripting and can be initiated remotely...
CVE-2023-3833
A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack...
Bug Finder Montage Cross-Site Scripting Vulnerability
Bug Finder Montage is a complete web platform for hotel/resort booking and property sales solutions from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder Montage version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket...
Bug Finder MineStack Cross-Site Scripting Vulnerability
Bug Finder MineStack is a digital mining platform from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder MineStack version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket Handler, leading to cross-site scripting via th...
nuxsmin sysPass Cross-Site Scripting Vulnerability
sysPass is a system password manager by RubénD Personal Developer. A cross-site scripting vulnerability exists in nuxsmin sysPass versions prior to 3.2.5, which stems from a problem with the component URL Handler that can lead to cross-site scripting...
PT-2023-33052 · Unknown · Requesthandlercomponent
Name of the Vulnerable Software and Affected Versions: RequestHandlerComponent (affected versions not specified). Description: The issue allows well-crafted requests to create a denial of service attack. It is related to the use of Xml::build, which enables reading local files. Recommendations: For...
CVE-2022-4400
A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-21526...
PT-2022-22144 · Sourcecodester · Sourcecodester Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Web-Based Student Clearance System version 1.0. Description: A critical issue was found in the Photo Handler component, specifically in the file edit-photo.php, allowing for unrestricted upload. This can be exploited remotely...
AZL-45159 CVE-2019-1010266 affecting package js-jquery 3.5.0-4
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
PT-2021-7075 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 4.18 through 4.19. Description: An issue in the Linux Kernel can lead to memory/netns leak due to an improper update of sock reference in TCP pacing. This can be exploited by remote clients, potentially causing a denial o...