Lucene search
+L

184 matches found

osv
osv
added 2025/07/11 12:24 p.m.7 views

OESA-2025-1818 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
osv
osv
added 2025/07/11 12:24 p.m.7 views

OESA-2025-1817 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
osv
osv
added 2025/07/11 12:24 p.m.6 views

OESA-2025-1815 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
osv
osv
added 2025/07/04 2:42 p.m.7 views

OESA-2025-1706 apache-commons-fileupload security update

The javax.servlet package lacks support for RFC-1867, HTML file upload. This package provides a simple to use API for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest. Securi...

7.5CVSS6.8AI score0.64718EPSS
Exploits1References2
snyk
snyk
added 2025/06/16 3:32 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing multipart headers. An attacker can exhaust system resources by sending malicious requests with excessively large individual multipart headers. Remediation Upgrade...

8.7CVSS7AI score0.64718EPSS
Exploits1References2
osv
osv
added 2025/06/16 3:15 p.m.4 views

DEBIAN-CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

7.5CVSS6.8AI score0.64718EPSS
Exploits1References1
packetstormnews
packetstormnews
added 2025/05/24 12:0 a.m.7 views

Fixing 7,400 Bugs for 1$: Cheap Crash-Site Program Repair

The rapid advancement of bug-finding techniques has led to the discovery of more vulnerabilities than developers can reasonably fix, creating an urgent need for effective Automated Program Repair APR methods. However, the complexity of modern bugs often makes precise root cause analysis difficult...

6.7AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 4:28 a.m.14 views

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

10CVSS7.8AI score0.00792EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 4:13 a.m.11 views

CVE-2023-40193

Deco M4 firmware versions prior to 'Deco M4JPV21.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands...

8CVSS7.4AI score0.0035EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 3:8 a.m.6 views

CVE-2023-2260

Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...

8.8CVSS6.7AI score0.00859EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 1:48 a.m.11 views

CVE-2023-2258

Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...

8.8CVSS6.8AI score0.00913EPSS
Exploits1References1
osv
osv
added 2025/04/09 3:2 a.m.3 views

MAL-2025-3185 Malicious code in esy-m4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d50f3c1994b8efe53e778d8ba331e1ceec48993b57b0fc3f279eb3f4b9dea361 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
nessus
nessus
added 2025/03/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2008-1688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames...

7.5CVSS5.7AI score0.02957EPSS
Exploits1References2
nessus
nessus
added 2025/03/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2008-1687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent...

7.5CVSS5.5AI score0.0245EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/02/05 1:1 p.m.10 views

CVE-2024-25634

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...

7.2CVSS6.7AI score0.00748EPSS
Exploits1References1
cvelist
cvelist
added 2024/07/08 7:29 a.m.42 views

CVE-2024-37389 Apache NiFi: Improper Neutralization of Input in Parameter Context Description

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client...

4.6CVSS0.24031EPSS
Exploits0References1
nvd
nvd
added 2024/06/24 11:15 p.m.31 views

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

10CVSS0.00792EPSS
Exploits0References1
cve
cve
added 2024/06/24 12:0 a.m.51 views

CVE-2023-50029

CVE-2023-50029 affects PrestaShop’s M4 PDF Extensions (m4pdf) module up to version 3.3.2 by PrestaAddons. The vulnerability allows PHP injection through M4PDF::saveTemplate(), enabling arbitrary code execution. Documented impact is critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). No expl...

10CVSS8AI score0.00792EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/06/24 12:0 a.m.14 views

PT-2024-13851 · Prestashop · Prestashop M4 Pdf Extensions Module

Name of the Vulnerable Software and Affected Versions: PrestaShop M4 PDF Extensions module versions up to 3.3.2 Description: The issue allows attackers to run arbitrary code via the M4PDF::saveTemplate method, potentially leading to code injection attacks. This could enable malicious activities,...

10CVSS8AI score0.00792EPSS
Exploits0References3
cvelist
cvelist
added 2024/06/24 12:0 a.m.30 views

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

0.00792EPSS
Exploits0References1
Rows per page
Query Builder