1477 matches found
CVE-2025-48484
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in versio...
Talking Transactions: Decentralized Communication through Ethereum Input Data Messages (IDMs)
Can you imagine, blockchain transactions can talk! In this paper, we study how they talk and what they talk about. We focus on the input data field of Ethereum transactions, which is designed to allow external callers to interact with smart contracts. In practice, this field also enables users to...
GNU coreutils buffer overflow vulnerability
GNU coreutils is a core toolset of the GNU community. GNU coreutils suffers from a buffer overflow vulnerability that originates from a boundary error in the function begfield in the sort tool when handling untrusted input, which can be exploited by an attacker to cause a crash or data disclosure...
The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows an intruder to trigger a service failure.
The vulnerability of VideoGrace video conferencing software is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by sending specially crafted requests...
The vulnerability of VideoGrace video conferencing software, related to insufficient verification of input data, allows a hacker to perform spoofing attacks.
The vulnerability of VideoGrace video conferencing software is related to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to perform a spoofing attack...
Out-of-Bounds-Read
libassimp.so is vulnerable to an Out-of-Bounds-Read. The vulnerability, due to insufficient validation of input data in the MDCImporter::ValidateSurfaceHeader function and specifically involving the pcSurface2 argument, allows an out-of-bounds read when the function processes malformed or unexpect...
Planet FW-WGS-804HPT web_acl_mgmt_Rules_Edit_postcontains function buffer overflow vulnerability
Planet FW-WGS-804HPT is a wall-mounted managed switch from China PLANET. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the failure of the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function to correctly validate the length and size...
Does Johnny Get the Message? Evaluating Cybersecurity Notifications for Everyday Users
Due to the increasing presence of networked devices in everyday life, not only cybersecurity specialists but also end users benefit from security applications such as firewalls, vulnerability scanners, and intrusion detection systems. Recent approaches use large language models (LLMs) to rewrite...
CVE-2025-24336
SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...
CVE-2024-29980
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™...
CVE-2024-10331
A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotel...
CVE-2024-48870
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users...
CVE-2024-29979
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™...
CVE-2024-46531
phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php...
CVE-2023-30280
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page...
PT-2025-22747 · Metagauss · Metagauss Profilegrid
Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions n/a through 5.9.5.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2021-43390
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end ...
CVE-2021-43273
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...
CVE-2021-1062
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...
CVE-2020-5985
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x prior to 8.5, version 10.x prior to 10.4 and version 11.0...