3092 matches found
CVE-2026-0932
Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
EUVD-2026-17865
Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
CVE-2026-0932
Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
CVE-2026-0932
Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
CVE-2026-0932
Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
CVE-2026-0932
Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
CVE-2026-0932
CVE-2026-0932 affects M-Files Server (legacy document co-authoring, SSRF) prior to version 26.3. An unauthenticated attacker can cause the server to issue HTTP GET requests to arbitrary URLs via legacy connection methods used in the document co-authoring feature. Root cause is a server-side reque...
M-Files Server 安全漏洞
The M-Files Server is a server belonging to the M-Files company’s M-Files system. Versions of the M-Files Server prior to 26.3 contained security vulnerabilities. These vulnerabilities stemmed from an outdated connection method used in the document collaborative editing feature, which allowed for...
PT-2026-29509
Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
EUVD-2016-10843
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...
CVE-2016-20044
CVE-2016-20044 concerns PInfo 0.6.9-5.1, where a local buffer overflow via the -m parameter allows a local attacker to execute arbitrary code. The advisory describes crafting input with 564 bytes of padding followed by a return address to overwrite the instruction pointer and run shellcode with t...
CVE-2016-20044 PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...
CVE-2016-20044 PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...
CVE-2026-3503
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...
EUVD-2019-20018
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...
CVE-2019-25639
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...
CVE-2019-25639
Affected software : Matrimony Website Script M-Plus. Vulnerability : multiple SQL injection flaws allow unauthenticated attackers to manipulate queries by injecting SQL through POST parameters (txtGender, religion, Fage, cboCountry) in pages such as simplesearch_results.php, advsearch_results.php...
GHSA-3M6G-2423-7CP3 vulnerabilities
Vulnerabilities for packages: ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby, cinc-auditor, logstash, ruby3.4-rails, ruby4.0-rails, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-rails...
EUVD-2026-13149
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...