80 matches found
CVE-2025-43970
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes depending on the address family...
CVE-2024-13896
The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wpgeshifilterreplacecode function, which could lead to Regular Expression Denial of Service ReDoS issue...
CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...
PT-2025-14132 · Unknown · Dima Take Action
Name of the Vulnerable Software and Affected Versions: Dima Take Action versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to injec...
Linux Distros Unpatched Vulnerability : CVE-2024-52559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/gem: prevent integer overflow in msmioctlgemsubmit The submit-cmdi.size and submit-cmdi.offset variables are u32 values that come from the user via the...
HTML Injection
leantime/leantime is vulnerable to HTML injection. The vulnerability is due to improper neutralization of HTML tags in users' first names, allowing arbitrary HTML to be injected into emails...
CVE-2024-52882
An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code XSS to attack logged-in administrator sessions...
CVE-2024-4322
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /listpersonalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version...
CVE-2025-21612
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
CVE-2024-56507
CVE-2024-56507 : A reflected Cross-Site Scripting (XSS) vulnerability exists in LinkAce prior to version 1.15.6, specifically in the Edit Link module’s URL field where input is reflected in the HTML response. The issue allows injection and execution of arbitrary JavaScript in a victim’s browser, ...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2024-45434)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
CVE-2024-0123
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial ...
CVE-2024-0123
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial ...
USN-7052-1: GNOME Shell vulnerabilities
It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. CVE-2017-8288 It was...
[SECURITY] [DLA 3862-1] calibre security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3862-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 02, 2024 https://wiki.debian.org/LTS -...
CVE-2024-4420
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an...
MySQL2 安全漏洞
MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...
SUSE CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
UBUNTU-CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
PT-2023-4480 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.96 Description: The issue is related to insufficient validation of untrusted input in XML, allowing a remote attacker to bypass file access restrictions via a crafted HTML page. This can impact the...