1297 matches found
CVE-2022-33176
Improper input validation in BIOS firmware for some IntelR NUC 11 Performance kits and IntelR NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-31092
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting i...
CVE-2020-7838
A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72...
CVE-2019-7898
Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input...
CVE-2024-2918
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request...
CVE-2025-1478
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6638 DESCRIPTION: A Regular Expression...
PT-2025-49920
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from n/a through 7.0...
GHSA-VGHF-HV5Q-VC2G Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...
TencentOS Server 4: tomcat (TSSA-2025:0440)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0440 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56739)
rtc: check if rtcreadtime was successful in rtctimerdowork If the rtcreadtime call fails, the struct rtctime tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtctmtoktime later, the result may be a very large value possibly KTIMEMAX. If there ar...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-47143)
dma-debug: possible deadlock on radixlock. radixlock shouldn't be held while holding dmahashentryidx.lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rqlock. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-41081)
ila: block BH in ilaoutput. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504571; scriptversion"1.2";...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49896)
drm/amd/display: vulnerability caused by adding a null check for the stream before dereferencing it in dcisstreamunchanged to prevent null pointer dereference. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 8090...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-41017)
jfs: vulnerability involves the risk of accessing memory beyond the end of ealist, which can lead to undefined behavior or crashes. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
CVE-2025-12942 Improper input validation in NETGEAR R6260 and R6850
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86...
CVE-2021-47690
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...
CVE-2023-7318
Nagios XI
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-57986)
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503502;...
PT-2025-43779
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WeblineIndia Popular Posts by Webline popular-posts-by-webline allows Stored XSS.This issue affects Popular Posts by Webline: from n/a through = 1.1.1...