CVE-2025-57798

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

CVE-2025-57798 Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

PT-2026-42012

Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.7.1 Description A Denial of Service DoS flaw exists in the title input functionality due to missing length validation. An attacker can trigger an Out Of Memory OOM error, leading to program termination, by inserting ...

EUVD-2026-28087

Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input validation in the...

Binardat 10G08-0800GSM 跨站脚本漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have a cross-site scripting vulnerability. This vulnerability stems from uncleaned user input reflected in the web interface, which...

EUVD-2025-206812

A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...

PT-2026-2443

Name of the Vulnerable Software and Affected Versions Progress LoadMaster affected versions not specified Description An authenticated attacker with “User Administration” permissions can execute arbitrary commands on the LoadMaster appliance. This is due to unsanitized input in the API input...

Progress LoadMaster 安全漏洞

Progress LoadMaster is a high performance Application Delivery Controller ADC and load balancer from Progress, Inc. A security vulnerability exists in Progress LoadMaster that stems from an uncleaned API input parameter, which could lead to the execution of arbitrary commands by an authenticated...

CVE-2025-67858

CVE-2025-67858 concerns Foomuuri, a nftables-based firewall generator. The issue is an improper neutralization of argument delimiters in the JSON configuration passed to nft, which can cause integrity loss of the firewall configuration and other unspecified effects. Affected releases are prior to...

CVE-2025-67858 A crafted "interface" input parameter can lead to integrity loss of the firewall configuration

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

[SECURITY] Fedora 43 Update: fluidsynth-2.5.2-1.fc43

FluidSynth is a real-time software synthesizer based on the SoundFont 2 specifications. It is a "software synthesizer". FluidSynth can read MIDI even ts from the MIDI input device and render them to the audio device. It features real-time effect modulation using SoundFont 2.01 modulators, and a...

CVE-2025-36171 IBM Aspera Faspex denial of service

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...

EUVD-2018-7641

Malware in sbrugna...

CVE-2025-50428

The CVE-2025-50428 issue affects RaspAP raspap-webgui, where the includes/hostapd.php script does not properly sanitize the interface parameter, enabling a command injection. Reported impacts include arbitrary code execution with www-data privileges and potential privilege escalation. Documented ...

CVE-2025-20220

A vulnerability in the CLI of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper inp...

CVE-2025-27023

Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of...

Versa Director 安全漏洞

Versa Director is a virtualization and service creation platform from Versa USA. that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from insufficient validation of customized inputs to the user...

CVE-2023-51722

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CVE-2023-20085

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This vulnerability is due to...