370 matches found
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...
CVE-2025-6516
A heap-based buffer overflow was found in HDF5. This flaw exists in the H5Faddrdecodelen function of the /hdf5/src/H5Fint.c file and may be triggered by input manipulation to the function. Local access is required to exploit this flaw. Mitigation Mitigation for this issue is either not available ...
Astra Linux – Vulnerability in fig2dev
A flaw was discovered in xfig. This vulnerability allows for possible code execution through local input manipulation using the bezierspline function...
Astra Linux – Vulnerability in fig2dev
A flaw was discovered in fig2dev. This vulnerability allows for availability through local input manipulation using the gengeitpspline function...
CVE-2025-5898
A flaw was found in GNU PSPP's parsevariablesoption function within the pspp-convert utility. This vulnerability allows an out-of-bounds write via local input manipulation. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...
Lichess: Path Traversal Vulnerability in Lila Project
A path traversal vulnerability was discovered in the Lila project that allowed an attacker to access arbitrary files on the server by manipulating user-supplied input to traverse outside the intended directory structure...
CVE-2025-5323
CVE-2025-5323 affects fossasia open-event-server 1.19.1, specifically the Mail Verification Handler’s function send_email_change_user_email . The issue is described as relying on obfuscation or encryption of security-relevant inputs without integrity checks, with possible remote activation and hi...
CVE-2024-9142
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642...
CVE-2024-9297
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input trains/schedules/systeminfo leads to improper...
CVE-2024-13039
A vulnerability was found in code-projects Simple Chat System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adduser.php. The manipulation of the argument name/email/password/number leads to sql injection. The attack may be launched remotely...
CVE-2023-5697
A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pageswithdrawmoney.php. The manipulation of the argument accountnumber with the input 287359614--alert1234...
CVE-2022-2956
A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file /Noxen-master/users.php. The manipulation of the argument createuserusername with the input " leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2021-29529
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the...
CVE-2025-3942
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...
CVE-2019-13097
The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...
Tridium Niagara Framework和Tridium Niagara Enterprise Security 安全漏洞
Tridium Niagara Framework and Tridium Niagara Enterprise Security are both products of Tridium, Inc.Tridium Niagara Framework is a comprehensive software infrastructure that solves the challenges of creating appliance to enterprise applications. Tridium Niagara Enterprise Security is a...
Tridium Niagara Framework和Tridium Niagara Enterprise Security 安全漏洞
Tridium Niagara Framework and Tridium Niagara Enterprise Security are both products of Tridium, Inc.Tridium Niagara Framework is a comprehensive software infrastructure that solves the challenges of creating appliance to enterprise applications. Tridium Niagara Enterprise Security is a...
CVE-2025-22678 WordPress my white theme <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8...
SUSE CVE-2025-46397
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...