41 matches found
CVE-2026-5536
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...
CVE-2026-5475
NASA cFS up to 7.0.0 contains a memory corruption vulnerability in the CCSDS Header Size Handler. The affected function is CFE_SB_TransmitMsg in cfe_sb_priv.c, within the CCSDS Header Size Handler component. The issue is triggered by a manipulation of input leading to memory corruption. The CVE e...
CVE-2026-5475 NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption
A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but...
CVE-2025-64712
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitra...
Unstructured Security Vulnerability
Unstructured is an open-source preprocessing tool for unstructured data developed by Unstructured. Versions of Unstructured prior to 0.18.18 contained a security vulnerability due to a path traversal vulnerability in the partition_msg function. This vulnerability could allow arbitrary files to be...
CVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...
EUVD-2026-5120
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...
CVE-2026-22881
CVE-2026-22881 affects Cybozu Garoon 5.15.0 through 6.0.3, where a cross-site scripting vulnerability in the Message function could allow an attacker to reset arbitrary users’ passwords. Root cause is not explicitly detailed beyond the XSS in the Message feature. No exploitation status or in-the-...
Cybozu Garoon Cross-Site Scripting Vulnerability
Cybozu Garoon is a portal-based OA office system developed by Cybozu. This system provides functions such as portals, email, bookmarks, calendar management, bulletin boards, and file management. Versions of Cybozu Garoon from 5.15.0 to 6.0.3 had a cross-site scripting vulnerability. This...
PT-2026-5616
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...
Directory Traversal
Overview: unstructured is a library that prepares raw documents for downstream ML tasks. Affected versions of this package are vulnerable to Directory Traversal via the partition_msg function’s handling of attachment filenames in email MSG files. An attacker can exploit this vulnerability by...
CVE-2024-57440
D-Link DSL-3788 revA1 1.01R1B036EUEN is vulnerable to Buffer Overflow via the COMMMAKECustomMsg function of the webproc cgi...
CVE-2024-9686
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...
CVE-2024-34255
jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function...
Design/Logic Flaw
An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function...
CVE-2024-24278
An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function...
PT-2023-25502 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: Prestashop opartlimitquantity versions 1.4.5 and earlier Description: The issue concerns sensitive SQL calls in the OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage function that can be executed with a trivial HT...