3428 matches found
Advantech DeviceOn/iEdge Cross-Site Scripting Vulnerability
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech DeviceOn/iEdge, which stems from insufficient cleanup of dashboard labels or path inputs, and can be...
CVE-2025-12488
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
CVE-2025-12487 oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
CVE-2025-12488 oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
BIT-GOLANG-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
CVE-2025-64458
CVE-2025-64458 is a Django IIS/Windows-specific DoS caused by slow NFKC normalization in Python, affecting HttpResponseRedirect, HttpResponsePermanentRedirect, and django.shortcuts.redirect. Affected Django releases: 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. IBM and EU/PC bullet...
CVE-2025-10567
CVE-2025-10567 : FunnelKit Funnel Builder for WooCommerce Checkout (WordPress plugin) before 3.12.0.1 is vulnerable to reflected XSS in checkout-related AJAX actions due to unsanitized user input echoed back to responses. The issue affects logged-in users and is documented across multiple sources...
Salesforce Agentforce Vibes Extension 安全漏洞
Salesforce Agentforce Vibes Extension is an AI-coded agent extension from Salesforce USA. A security vulnerability exists in Salesforce Agentforce Vibes Extension versions prior to 3.2.0 that stems from improper neutralization of LLM prompt inputs, which could lead to manipulation of writable...
Astra Linux – Vulnerability in Python 3.11
The html.parser.HTMLParser class has worst-case quadratic complexity when processing certain malformed inputs, which could potentially lead to a heightened denial-of-service attack...
SQL Injection
Overview fosslight-binary is a FOSSLight Binary Scanner Affected versions of this package are vulnerable to SQL Injection due to unsanitized string formatting of filename-, hecksum-, and TLSH-derived values into SQL queries. An attacker can view, modify, or delete data in the underlying database,...
CVE-2025-8849
LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...
CVE-2020-36867
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...
CVE-2025-61723
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...
Quadratic complexity when parsing some invalid inputs in encoding/pem
...
EUVD-2025-37228
LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...
CVE-2025-8849
LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...
CVE-2025-8849
LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: poppler (UTSA-2025-988627)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988627 advisory. A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with...
CVE-2025-8849 Denial of Service in danny-avila/librechat
LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...
CVE-2020-36867
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...