Lucene search
+L

8 matches found

euvd
euvd
added 2025/11/13 3:23 a.m.5 views

EUVD-2025-176172

Malicious code in stub-encode-object-meta-info npm...

6.6AI score
Exploits0
bdu_fstec
bdu_fstec
added 2025/10/28 12:0 a.m.4 views

Vulnerability of the HTTP Meta Info fields, Footer Copyright, and Footer Version fields in the administration interface for creating collaborative web applications – XWiki Platform. This allows attackers to perform cross-site scripting attacks (XSS).

The vulnerabilities of the HTTP Meta Info, Footer Copyright, and Footer Version fields in the administration interface for the XWiki Platform’s collaborative web applications are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities could allow...

5.5CVSS5.6AI score0.00464EPSS
Exploits1References2Affected Software1
osv
osv
added 2025/10/01 12:15 p.m.6 views

UBUNTU-CVE-2023-53509

In the Linux kernel, the following vulnerability has been resolved: qed: allow sleep in qedmcptracedump By default, qedmcpcmdandunion delays 10us at a time in a loop that can run 500K times, so calls to qedmcpnvmrdcmd may block the current thread for over 5s. We observed thread scheduling delays...

5.5CVSS5.8AI score0.00145EPSS
Exploits0References6
cve
cve
added 2025/08/20 12:0 a.m.29 views

CVE-2025-51990

XWiki 17.3.0 and earlier are affected by stored XSS in the Administration interface (Presentation section of Global Preferences). An authenticated administrator can inject JavaScript into the HTTP Meta Info, Footer Copyright, and Footer Version fields; these payloads are stored and rendered witho...

4.8CVSS6AI score0.00464EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/08/20 12:0 a.m.7 views

PT-2025-34072

Name of the Vulnerable Software and Affected Versions: XWiki versions through 17.3.0 Description: XWiki is vulnerable to Server-Side Template Injection SSTI in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticat...

8.8CVSS7.4AI score0.03366EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2023/01/03 12:0 a.m.4 views

PT-2025-40216

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.4.182+ 202104120910+6d1da174272d.61x Description The Linux kernel contains a flaw within the qed driver related to the qed mcp trace dump function. The qed mcp cmd and union function can cause delays exceeding ...

5.5CVSS5.5AI score0.00145EPSS
Exploits0
osv
osv
added 2020/09/01 9:15 p.m.6 views

CVE-2020-6152

A code execution vulnerability exists in the DICOM parsedicommetainfo functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file...

7.8CVSS7.5AI score0.01943EPSS
Exploits1References1
osv
osv
added 2019/08/21 6:15 p.m.6 views

CVE-2019-5041

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file t...

8.8CVSS7.9AI score0.03282EPSS
Exploits0References1
Rows per page
Query Builder