558 matches found
CVE-2021-23495
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter...
CVE-2021-23495
Summary: Karma (JavaScript test runner) before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter. Affected component: karma
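The karma entries above describe an open redirect: the value of a return_url query parameter is handed to the redirect as-is. The following is an added example, not code from karma or from this page, showing that vulnerable pattern beside a check that confines the redirect to the application's own origin. APP_ORIGIN, unsafeRedirectTarget and safeReturnUrl are hypothetical names, and the localhost:9876 origin is an assumption made for the demo; the sample parameter values are constructed.

```javascript
// Added example, not karma's own code. All names below are hypothetical.
const APP_ORIGIN = 'http://localhost:9876'; // assumed origin of the app issuing the redirect

// Vulnerable pattern: whatever arrives in ?return_url= becomes the Location header,
// so "?return_url=https://evil.example/" sends the user off-site.
function unsafeRedirectTarget(rawReturnUrl) {
  return rawReturnUrl || '/';
}

// Hardened: resolve the value against our own origin and accept it only if the
// resulting URL still belongs to that origin; anything else gets the fallback.
function safeReturnUrl(rawReturnUrl, fallback = '/') {
  const safeDefault = new URL(fallback, APP_ORIGIN).href;
  if (typeof rawReturnUrl !== 'string' || rawReturnUrl.length === 0) return safeDefault;
  // Browsers treat a backslash like a slash ("/\evil.example" behaves as "//evil.example");
  // rejecting it up front avoids depending on any one parser's normalization.
  if (rawReturnUrl.includes('\\')) return safeDefault;
  let target;
  try {
    // A relative path such as "/dashboard" resolves onto APP_ORIGIN, while
    // "//evil.example", "https://evil.example", "javascript:" and "data:" do not.
    target = new URL(rawReturnUrl, APP_ORIGIN);
  } catch {
    return safeDefault;
  }
  // Credentials in the URL ("http://localhost:9876@evil.example/") move the real host,
  // but that already shows up as a foreign origin, so one comparison covers it.
  if (target.origin !== APP_ORIGIN) return safeDefault;
  return target.href;
}

// Constructed sample values a tester would try against the parameter.
const SAMPLES = [
  '/dashboard',
  'https://evil.example/',
  '//evil.example/x',
  '/\\evil.example',
  'javascript:alert(1)',
  'http://localhost:9876@evil.example/',
];

// Side-by-side view of where each sample would send the user.
function demo() {
  return SAMPLES.map((s) => ({ input: s, unsafe: unsafeRedirectTarget(s), safe: safeReturnUrl(s) }));
}

console.table(demo());
```

The origin comparison is the whole check: scheme-relative URLs, absolute foreign URLs, userinfo tricks and non-http schemes all parse to an origin other than the application's, so there is no need for a deny-list of prefixes.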
JetBrains Hub Code Issue Vulnerability
JetBrains Hub is a web-based application from JetBrains (Czech Republic). JetBrains Hub has a server-side request forgery vulnerability that stems from missing validation of the destination of server-initiated requests; an attacker can exploit it to conduct server-side request forgery (SSRF) attacks...
CVE-2022-24368
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SourceCodester Storage Unit Rental Management System SQL Injection Vulnerability
SourceCodester Storage Unit Rental Management System is a storage unit rental management system that helps manage storage unit rental business records and monitor them. A SQL injection vulnerability exists in version 1 of SourceCodester Storage Unit Rental Management System. The...
Mysiteforme Cross-Site Request Forgery Vulnerability
Mysiteforme is a permission management system. A cross-site request forgery vulnerability exists in mysiteforme, which stems from missing CSRF protection in the backend blog administration. An attacker could use a forged malicious request to trick a victim into clickin...
CVE-2021-35969
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation...
Prototype Pollution
Overview convict is a package that expands on the standard pattern of configuring node.js applications in a way that is more robust and accessible to collaborators, who may have less interest in digging through imperative code in order to inspect or modify settings. By introducing a configuration...
CVE-2021-41789
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN2019042601...
CVE-2021-44273
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy) with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers...
CVE-2021-39643
In icstartRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
ZZCMS dl_sendmail.php SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS is vulnerable to SQL injection, which stems from missing validation of the externally supplied id parameter of admin/dl_sendmail.php before it is used in an SQL statement. An attacker could use this vulnerability to execute illegal SQL...
BookStack Cross-Site Request Forgery Vulnerability
BookStack is the BookStackApp team's open-source platform for building wiki documentation using PHP and Laravel. BookStack suffers from a cross-site request forgery vulnerability, which stems from missing CSRF validation in the software. An attacker could use this vulnerabili...
CVE-2021-42376
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...
PYSEC-2021-400
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...