98 matches found
PT-2025-53579
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description The issue resides in insufficient protection of the web page structure within Moodle. Exploitation of this can allow a remote attacker to conduct a Cross-Site Scripting XSS attack. The flaw is...
CVE-2025-22044 acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpinfitctl Syzkaller has reported a warning in tonfitbusuuid: "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMMBUSFAMILYNFIT == 0...
VulnCheck KEV: CVE-2021-35402
A vulnerability is present in Prolink PRC2402M that could allow unauthenticated remote adversaries to inject commands due to improper checks on input supplied to 'liveapi.cgi'...
The vulnerability of the System Management Mode (SMM) mode of AMD microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the System Management Mode SMM mode of AMD microprogramming processor software is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
USN-7272-1 symfony vulnerabilities
Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. CVE-2022-24894 Marco Squarcina discovered that Symfony incorrectly handled the storage of user...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the pfifotailenqueue function not properly validating input when processing queues. An attacker exploiting...
CVE-2022-24707
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...
CVE-2024-49353
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash...
Tenda AC6 安全漏洞
Tenda AC6V2 is a wireless router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda AC6V2. The vulnerability stems from insufficient checking of the length or boundaries of input data to overwrite adjacent memory areas. An attacker could use this vulnerability to execute...
PT-2024-40524 · Unknown · Fast-Float
Name of the Vulnerable Software and Affected Versions: fast-float affected versions not specified Description: The fast-float library contains soundness issues, including undefined behavior when checking input length and functions marked as safe with non-local safety guarantees. The library is al...
Multiple soundness issues
fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...
SUSE CVE-2020-14315
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries...
Fuji Electric Monitouch V-SFT 缓冲区错误漏洞
Fuji Electric Monitouch V-SFT is a human-machine interface HMI configuration software developed by Fuji Electric, which is mainly used in industrial automation, providing touch screen interface design, PDF document viewing, video playback, alarm messages and other functions. Fuji Electric Monitou...
PT-2024-28717 · WordPress · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.5.0 Description: The issue is related to Stored Cross-Site Scripting via the Tooltip & Popover Widget due to insufficient input sanitization and...
The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the PayDroid operating system arises from insufficient validation of input data, allowing a hacker to execute arbitrary code.
The vulnerability of the PayDroid operating system exists due to insufficient checks on input data. Exploiting this vulnerability could allow a hacker to execute arbitrary code...
Denial Of Service (DoS)
graphql-go is vulnerable to Uncontrolled Recursion. The vulnerability is caused due to improper malformed input checks within parser.go, which results in Denial Of ServiceDoS...
The vulnerability of the django.utils.encoding.uri_to_iri() component in the Django web application framework allows a attacker to cause a denial-of-service attack.
The vulnerability of the django.utils.encoding.irToIri component in the Django web application framework is related to an improper check on the number of data inputs. Exploiting this vulnerability could allow a remote attacker to cause a service failure. source-iocs-preserved...
The vulnerability of the CMPapp component in CODESYS software products allows a hacker to trigger a service failure.
The vulnerability of the CMPapp component in CODESYS software products is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems...