369 matches found
EUVD-2026-2032
Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...
CVE-2026-22712
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...
PT-2026-2257
Name of the Vulnerable Software and Affected Versions Mediawiki - ApprovedRevs Extension versions 1.39 through 1.45 Description The Mediawiki - ApprovedRevs Extension contains a flaw related to improper encoding or escaping of output due to magic word replacement in ParserAfterTidy. This can lead...
CVE-2025-1035
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...
CVE-2023-53955
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...
hdf5: HDF5 heap-based overflow
A vulnerability was found in the H5Creconstructcacheentry function of the H5Cimage.c file in HDF5. Input manipulation can occur, which leads to a heap-based buffer overflow. Exploitation of this vulnerability requires local system access...
CVE-2025-14748 Ningyuanda TC155 ONVIF Device Management Service device_service access control
A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/deviceservice of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The atta...
CVE-2025-14485
A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...
CVE-2025-14485 EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection
A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...
BIT-ACTIVEMQ-2021-21344 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...
CVE-2025-13445 Tenda AC21 SetIpMacBind stack-based overflow
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...
User-Management-PHP-MYSQL 代码问题漏洞
User-Management-PHP-MYSQL is a secure user management system by Ajay Randhawa Personal Developer. A code issue vulnerability exists in User-Management-PHP-MYSQL that stems from incorrect manipulation of the parameter image in the file /admin/edit-user.php, which could lead to arbitrary file uploa...
CVE-2025-9336
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...
EUVD-2025-34060
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...
CVE-2025-9336
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...
CVE-2025-9336
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...
CVE-2025-9336
The CVE-2025-9336 entry concerns the ASUS Armoury Crate software, specifically the AsIO3.sys driver. Multiple sources confirm a stack buffer overflow in AsIO3.sys that can be triggered by input manipulation, potentially leading to a system crash (BSOD) or other undefined execution. Consequences n...
CVE-2025-9336
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...
PT-2025-41781
Name of the Vulnerable Software and Affected Versions ASUS AsIO3.sys driver affected versions not specified Description A stack buffer overflow exists in the AsIO3.sys driver. This issue is triggered by input manipulation and could result in a system crash, also known as a Blue Screen of Death...
CVE-2025-11631 RainyGao DocSys deleteDoc.do path traversal
A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...