Lucene search
+L

1253 matches found

Nuclei
Nuclei
added yesterday49 views

LG-Ericsson iPECS NMS 30M - Local File Inclusion

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...

7.5CVSS7AI score0.12851EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday66 views

LG SuperSign EZ CMS 2.5 - Local File Inclusion

LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion. id: CVE-2018-16288 info: name: LG SuperSign EZ CMS 2.5 - Local File Inclusion author: daffainfo severity: high description: | LG SuperSign CMS 2.5 allows reading of...

8.6CVSS7.1AI score0.35828EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday21 views

LG Supersign EZ CMS - Remote Code Execution

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail. id: CVE-2018-17173 info: name: LG Supersign EZ CMS - Remote Code Execution author: pussycat0x severity: critical description: | LG SuperSign CMS allows remote attackers...

9.8CVSS7.4AI score0.56237EPSS
Exploits9References4
Nuclei
Nuclei
added yesterday14 views

LG LED Assistant - Thumbnail Path Traversal File Upload

A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed. id: CVE-2024-2863 info: name: LG LED Assistant - Thumbnail...

9.8CVSS6.2AI score0.63999EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday11 views

LG LED Assistant - Unauthenticated Password Reset

The /api/changePw endpoint in LG LED Assistant allows unauthenticated password resets when requests are considered to come from localhost. An attacker can spoof the X-Forwarded-For header with value 127.0.0.1 to trigger the behavior and receive a success response. id: CVE-2024-2862 info: name: LG...

9.8CVSS6.1AI score0.51001EPSS
Exploits0References3
Nuclei
Nuclei
added 3 days ago32 views

LG Simple Editor <= v3.21.0 - Command Injection

LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

9.8CVSS7.5AI score0.87761EPSS
Exploits4References5
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5077 Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding in github.com/xddxdd/bird-lg-go

Bird-lg-go has a Fatal Out-of-Memory OOM Denial of Service via Unbounded JSON Decoding in github.com/xddxdd/bird-lg-go...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 4:37 p.m.45 views

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS0.00441EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:37 p.m.10 views

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:37 p.m.10 views

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 4:37 p.m.21 views

CVE-2026-45047

The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 4:37 p.m.4 views

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS6AI score0.00441EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Bird-lg-go 资源管理错误漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Versions of Bird-lg-go prior to 1.4.5 contained a resource management vulnerability. This vulnerability stemmed from the apiHandler not limiting the maximum read size when processing the JSON payload provided by users. As a result,...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.18 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References1
NVD
NVD
added 2026/03/04 4:16 p.m.15 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS0.00388EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.11 views

PT-2026-22928

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

6.1AI score0.00388EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

6.1AI score0.00388EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

Bird-lg-go 安全漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Previous versions of bird-lg-go, including 6187a4e, contained security vulnerabilities. These vulnerabilities stemmed from the traceroute module’s use of shlex.Split to parse user input without proper validation. This could allow remot...

7.5CVSS6AI score0.00388EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References2
Rows per page
Query Builder