230 matches found
Cross-Site Scripting (XSS)
github.com/songquanpeng/one-api is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and sanitization of the argument "Homepage Content/About System/Footer.", allows malicious content to be injected and executed in the user's browser...
CVE-2022-43847 IBM Aspera Console HTTP header injection
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2025-20203
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. The...
USN-7340-1: OpenVPN vulnerabilities
It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu...
Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-25577, CVE-2023-23934]
Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-25577, CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by ...
CVE-2025-0764
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher...
Mattermost Server 9.11.x < 9.11.8 / 10.2.x < 10.2.3 / 10.3.x < 10.3.3 / 10.4.x < 10.4.2 (MMSA-2025-00430)
The version of Mattermost Server installed on the remote host is prior to 9.11.8, 10.2.3, 10.3.3, or 10.4.2. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00430 advisory. - Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail t...
The vulnerability of the nvme-pci component of the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the nvme-pci component of the Linux operating system’s kernel is related to improper input validation. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-25203
CVE-2025-25203 affects CtrlPanel (open-source billing software). The XSS vulnerability exists in the TicketsController and Moderation/TicketsController due to insufficient input validation on the priority field during ticket creation and unsafe rendering of this field in the moderator panel. Vers...
CVE-2024-46435
A stack overflow vulnerability in the Tenda W18E V16.01.0.81625 web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the...
Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service
Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-46939 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caus...
ROS-20250120-04
A vulnerability in the fs/ntfs3 components of the Linux operating system kernel is related to read errors outside the bounds in the checkrstbl function in fs/ntfs3/fslog.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the jfs component ...
CVE-2024-51462
IBM QRadar WinCollect Agent (Windows) versions 10.0.0–10.1.12 are affected by CVE-2024-51462 due to improper input validation of assumed immutable data, enabling a remote attacker to inject XML data into parameter values and potentially modify data. Remediation is to upgrade to WinCollect Standal...
CVE-2024-11777
The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sellmediasearchformgutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-20148
CVE-2024-20148 concerns MediaTek wlan STA FW where an improper input validation leads to an out-of-bounds write. The vulnerability could enable remote code execution on proximal devices with no privileges and no user interaction required. Patch IDs associated are WCNCR00389045 and ALPS09136494 (M...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and IBM WebSphere Application Server Liberty
Summary There are multiple vulnerabilities in Java and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-7254, CVE-2022-46363, CVE-2015-2156, CVE-2020-11612. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol...
CVE-2024-1610 OPPO Store app include remote account token hijacking and sensitive information leakage
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation...
RockyLinux 9 : podman (RLSA-2024:9051)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9051 advisory. Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction CVE-2024-9407 buildah: Buildah allows arbitra...
The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the network MySQL protocol...
PT-2024-31450 · Unknown · Uci Idol 2
Name of the Vulnerable Software and Affected Versions: UCI IDOL 2 versions through 2.12 Description: The issue is caused by improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer. This makes UCI IDOL 2 vulnerable to...