11 matches found

Nuclei
added 20 hours ago, 26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

CVSS 5.4 | AI score 6 | EPSS 0.01331
Exploits: 1 | References: 2

Nuclei
added 2026/06/16 7:13 a.m., 155 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

CVSS 9.8 | AI score 9.1 | EPSS 0.99485
Exploits: 20 | References: 2

RedhatCVE
added 2026/06/05 7:25 p.m., 11 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

CVSS 6.5 | AI score 5.5 | EPSS 0.00219
Exploits: 0 | References: 1

CVE
added 2025/11/25 10:25 p.m., 15 views

CVE-2025-65942

VictoriaMetrics versions 1.0.0–1.110.22, 1.111.0–1.122.7, and 1.123.0–1.129.0 are affected by a DoS/OOM vulnerability in the Snappy decoder that ignores request size limits and can trigger excessive memory usage via malformed blocks. The underlying cause is the decoder not enforcing block-size ch...

CVSS 2.7 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | References: 5

AlpineLinux
added 2025/10/17 4:3 p.m., 5 views

CVE-2025-59043

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...

CVSS 7.5 | AI score 6.8 | EPSS 0.00655
Exploits: 0

OSV
added 2024/12/04 3:15 p.m., 1 views

UBUNTU-CVE-2024-53127

In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" increased the max_req_size, even for 4K pages, causing various issues: - Panic...

CVSS 5.5 | AI score 6.4 | EPSS 0.00223
Exploits: 0 | References: 41

OSV
added 2024/10/25 11:9 a.m., 2 views

OESA-2024-2297 jetty security update

%global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content...

CVSS 5.3 | AI score 6.8 | EPSS 0.0326
Exploits: 1 | References: 4

OSV
added 2024/10/18 11:9 a.m., 3 views

OESA-2024-2268 jetty security update

%global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content...

CVSS 5.3 | AI score 6.8 | EPSS 0.0326
Exploits: 1 | References: 4

OSV
added 2024/03/18 11:15 a.m., 1 views

UBUNTU-CVE-2023-52611

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D G12B SoC and a RTL8822CS SDIO wifi/Bluetooth combo card. The error he observ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00224
Exploits: 0 | References: 14

BDU FSTEC
added 2023/12/13 12:0 a.m., 7 views

The vulnerability of the `max_request_duration` component in the platform for archiving corporate information, HashiCorp Vault and Vault Enterprise, allows a perpetrator to trigger a service failure.

The vulnerability of the `max_request_duration` component in the HashiCorp Vault and Vault Enterprise platforms for archiving corporate information involves unlimited resource allocation during HTTP request processing. Exploiting this vulnerability could allow a malicious actor to cause service...

CVSS 7.8 | AI score 7.2 | EPSS 0.00792
Exploits: 0 | References: 4 | Affected Software: 3

OSV
added 2023/04/19 6:15 p.m., 10 views

GHSA-QW69-RQJ8-6QW8 OutOfMemoryError for large multipart without filename in Eclipse Jetty

Impact Servlets with multipart support e.g. annotated with @MultipartConfig that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part that has a name but no filename and a very large content. This...

CVSS 5.3 | AI score 6.8 | EPSS 0.0326
Exploits: 0 | References: 11