
10 matches found

EUVD
added 8 hours ago | 5 views

EUVD-2026-39159

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

CVSS 6 | AI score 6.2
Exploits 0 | References 1
CNNVD
added 2026/04/08 12:00 a.m. | 5 views

CI4MS Security Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the controller’s ability to write host parameters to the .env file without proper validation, and without stripping line...

CVSS 9.8 | AI score 5.9 | EPSS 0.00516
Exploits 1 | References 1
CNNVD
added 2024/03/21 12:00 a.m. | 2 views

WebAssembly Buffer Error Vulnerability

WebAssembly is a binary instruction format for stack-based virtual machines from WebAssembly. A security vulnerability exists in WebAssembly versions prior to 0.31.1 that stems from an out-of-bounds buffer write if the host calls or restores more parameters than the default limit 128 for Wasm...

CVSS 9.8 | AI score 6.7 | EPSS 0.00798
Exploits 0 | References 4
CNVD
added 2022/02/21 12:00 a.m. | 17 views

TOTOLINK A720R Stack Overflow Vulnerability (CNVD-2022-17123)

TOTOLINK A720R is a wireless router. TOTOLINK A720R v4.1.5cu.470B20200911 has a stack overflow vulnerability, which attackers can exploit to cause a denial of service (DoS) via host parameters...

CVSS 7.8 | AI score 5.1 | EPSS 0.01157
Exploits 1 | References 1
CNNVD
added 2022/02/04 12:00 a.m. | 3 views

Totolink A720R Buffer Error Vulnerability

TOTOLINK A720R is a wireless router. TOTOLINK A720R v4.1.5cu.470B20200911 has a stack overflow vulnerability, which attackers can exploit to cause a denial of service (DoS) via host parameters...

CVSS 7.8 | AI score 5.6 | EPSS 0.01157
Exploits 1 | References 2
CNNVD
added 2021/11/09 12:00 a.m. | 5 views

Thruk Cross-Site Scripting Vulnerability

Thruk is an open source multi-backend monitoring web interface by Sven Nierlein, an individual developer in Germany. Thruk suffers from a cross-site scripting vulnerability that stems from reflected XSS via host or service parameters. An attacker can inject arbitrary JavaScript into extinfo.cgi....

CVSS 6.1 | AI score 6 | EPSS 0.00833
Exploits 1 | References 3
RedHat Linux
added 2018/12/13 3:15 p.m. | 2 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

CVSS 8.5 | AI score 7.3 | EPSS 0.05154
Exploits 0 | References 5
RedHat Linux
added 2018/08/27 8:22 a.m. | 2 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

CVSS 8.5 | AI score 7.3 | EPSS 0.05154
Exploits 0 | References 5
RedHat Linux
added 2018/08/23 3:18 p.m. | 4 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

CVSS 8.5 | AI score 7.3 | EPSS 0.05154
Exploits 0 | References 5
RedHat Linux
added 2018/08/20 10:51 a.m. | 4 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

CVSS 8.5 | AI score 7.3 | EPSS 0.05154
Exploits 0 | References 5