15 matches found

CNNVD
added 2026/02/18 12:0 a.m. · 9 views

QEMU Security Vulnerability

QEMU Quick Emulator is a simulation software for processors developed by Fabrice Bellard from France. This software features high speed and cross-platform capabilities. QEMU has a security vulnerability, which stems from the lack of length restrictions on the virtio-crypto device. This...

CVSS 5.5 · AI score 6.7 · EPSS 0.00137
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2013-2625

Malware in sbrugna...

CVSS 5 · AI score 6.1 · EPSS 0.02126
Exploits 0 · References 4
Veracode
added 2025/04/17 6:35 a.m. · 11 views

Denial Of Service (DoS)

shopware/core is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of input length restrictions and inefficient processing of long password inputs, which allows attackers to consume excessive server resources...

CVSS 7.5 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 6 · Affected Software 2
Positive Technologies
added 2025/03/20 12:0 a.m. · 5 views

PT-2025-12176 · Unknown · Open-Webui/Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8
Description: A vulnerability allows an unauthenticated attacker to sign up with excessively large text in the name field, causing the Admin panel to become unresponsive. This prevents administrators from...

CVSS 7.5 · AI score 7.3 · EPSS 0.00799
Exploits 1 · References 7
RedhatCVE
added 2023/01/06 4:5 p.m. · 148 views

CVE-2022-31631

A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplie...

CVSS 5.9 · AI score 3.5 · EPSS 0.02154
Exploits 0 · References 4
Prion
added 2022/12/13 9:15 p.m. · 16 views

Input validation

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters inpu...

CVSS 5 · AI score 7.6 · EPSS 0.00689
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2021/04/30 12:0 a.m. · 46 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...

CVSS 9.8 · AI score 7.4 · EPSS 0.40982
Exploits 0 · References 8
Hacker One
added 2020/04/02 6:2 p.m. · 61 views

Semrush: IDOR in the https://market.semrush.com/

Insecure direct object references in marketplace due to a length restrictions in chosen hashing function...

AI score 6.8
Exploits 0
UbuntuCve
added 2019/11/26 5:15 p.m. · 36 views

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...

CVSS 6.1 · AI score 6.7 · EPSS 0.07239
Exploits 0 · References 3
CVE
added 2019/11/26 4:21 p.m. · 375 views

CVE-2019-18677

CVE-2019-18677 affects Squid 3.x and 4.x up to 4.8 where the append_domain setting can cause improper message processing, leading to traffic being redirected to origins that should not be delivered to. This is confirmed in multiple advisories (e.g., ALAS2-2023-2318) listing CVE-2019-18677 as a se...

CVSS 6.1 · AI score 7.4 · EPSS 0.07239
Exploits 0 · References 11 · Affected Software 1
Hacker One
added 2017/08/15 7:31 p.m. · 24 views

Legal Robot: first name and last name restrictions bypass

A security researcher discovered that the maximum lengths of the first name and last name fields were set to 32 characters at registration and 50 characters when using the profile update form. There was no security impact and no sensitive data was compromised. Thanks to @flashdisk for pointing ou...

AI score 2.6
Exploits 0
Prion
added 2016/09/26 4:59 a.m. · 15 views

Design/Logic Flaw

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.51089.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.52249.0.2A FP3 does not enforce password-length restrictions, which...

CVSS 5 · AI score 6.8 · EPSS 0.01381
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2016/09/26 1:0 a.m. · 27 views

CVE-2016-5996

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.51089.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.52249.0.2A FP3 does not enforce password-length restrictions, which...

AI score 7.3 · EPSS 0.01381
Exploits 0 · References 2
Metasploit
added 2015/01/14 4:54 p.m. · 33 views

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database's...

CVSS 5 · AI score 0.4 · EPSS 0.17355
Exploits 4
Packet Storm
added 2015/01/06 12:0 a.m. · 42 views

McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure', 'Description' = %q This module will exploit a...

Exploits 0