Lucene search

35 matches found

Redos
added 6 days ago | 6 views

ROS-20260529-73-0014

The vulnerability in openbao is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9.4 | AI score 6.1 | EPSS 0.00035 | Exploits: 0

Positive Technologies
added 2026/05/01 12:0 a.m. | 2 views

PT-2026-36399

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An out-of-bounds access occurs in the st_lsm6dsx_hwfifo_odr_store function when userspace writes to the buffer sampling frequency sysfs attribute. This function calls st_lsm6dsx_check_od...

CVSS 7.8 | AI score 5.9 | EPSS 0.00017 | Exploits: 0 | References: 4

CNNVD
added 2026/04/07 12:0 a.m. | 2 views

NVIDIA Triton Inference Server security vulnerability

NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI capabilities in production environments. NVIDIA Triton Inference Server has a security vulnerability that stems from insufficient input...

CVSS 7.5 | AI score 5.8 | EPSS 0.00068 | Exploits: 0 | References: 3

Redos
added 2026/02/09 12:0 a.m. | 4 views

ROS-20260209-73-0019

PowerDNS Recursor DNS server vulnerability is related to failure to take measures to neutralize special elements in the output data. Exploitation of the vulnerability could allow a remote attacker to affect the integrity and availability of protected information...

CVSS 6.5 | AI score 5.7 | EPSS 0.00003 | Exploits: 0

Redos
added 2026/02/09 12:0 a.m. | 4 views

ROS-20260209-73-0018

PowerDNS Recursor DNS server vulnerability is related to failure to take measures to neutralize special elements in the output data. Exploitation of the vulnerability could allow a remote attacker to affect the integrity and availability of protected information...

CVSS 8.2 | AI score 5.7 | EPSS 0.00007 | Exploits: 0

Redos
added 2026/02/09 12:0 a.m. | 4 views

ROS-20260209-73-0020

PowerDNS Recursor DNS server vulnerability is related to failure to take measures to neutralize special elements in the output data. Exploitation of the vulnerability could allow a remote attacker to affect the integrity and availability of protected information...

CVSS 6.5 | AI score 5.7 | EPSS 0.00003 | Exploits: 0

CNNVD
added 2025/06/18 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a deadlock and link starvation issue in the output data path of the n_gsm driver...

CVSS 5.5 | AI score 6 | EPSS 0.0005 | Exploits: 0 | References: 4

OSV
added 2024/11/09 11:15 a.m. | 0 views

UBUNTU-CVE-2024-50232

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr. In the ad7124_write_raw function, parameter val can potentially be zero. This may lead to a division by zero when DIV_ROUND_CLOSEST is called within ad7124_set_channel_odr. T...

CVSS 5.5 | AI score 6.2 | EPSS 0.00009 | Exploits: 0 | References: 34

Redos
added 2024/07/08 12:0 a.m. | 17 views

ROS-20240708-02

A vulnerability in the TPML_PCR_SELECTION functions of the source repository for Trusted Platform Module tools TPM2.0 is related to improper mapping of PCR slots, providing a misleading TPM state. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate output data...

CVSS 9 | AI score 6.7 | EPSS 0.01708 | Exploits: 1

Cvelist
added 2024/06/06 6:24 p.m. | 15 views

CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting (XSS) vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

CVSS 6.8 | EPSS 0.00197 | Exploits: 1 | References: 1

Vulnrichment
added 2024/04/10 5:8 p.m. | 8 views

CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVSS 8.8 | AI score 6.5 | EPSS 0.00181 | Exploits: 1 | References: 1

CVE
added 2024/04/10 5:8 p.m. | 72 views

CVE-2024-1602

CVE-2024-1602 affects parisneo/lollms-webui, with a stored XSS that leads to Remote Code Execution. An attacker can exploit inadequate sanitization/validation of model output data to inject JavaScript that runs in the user’s browser and can trigger a request to /execute_code to establish a reverse s...

CVSS 8.8 | AI score 6.4 | EPSS 0.00181 | Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2024/04/10 12:0 a.m. | 1 view

lollms-webui security vulnerability

LoLLMs is a Web UI for a large language multi-model system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui that stems from inadequate cleaning and validation of model output data...

CVSS 8.8 | AI score 8.7 | EPSS 0.00181 | Exploits: 1 | References: 2

Redos
added 2023/06/20 12:0 a.m. | 30 views

ROS-20230620-06

Vulnerability of the GENERAL_NAME_cmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism when processing x400 addresses. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service A...

CVSS 9.1 | AI score 7.9 | EPSS 0.88334 | Exploits: 2

Redos
added 2022/09/20 12:0 a.m. | 64 views

ROS-20220920-01

The grub_script_function_create function of the Grub configuration file has a vulnerability due to a function override error while this function is already executed. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its...

CVSS 8.2 | AI score 7.9 | EPSS 0.01884 | Exploits: 1

CNNVD
added 2022/07/22 12:0 a.m. | 2 views

WordPress plugin wpWax Team cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress wpWax Team 1.2.6 and prior versions, which stems from the program's lack of checksum...

CVSS 5.4 | AI score 5.6 | EPSS 0.00233 | Exploits: 0 | References: 5

CNVD
added 2022/06/30 12:0 a.m. | 17 views

Shopware Cross-Site Scripting Vulnerability (CNVD-2022-58390)

Shopware is a German Shopware company's open source e-commerce software. A cross-site scripting vulnerability exists in Shopware versions prior to 5.7.12, which stems from a lack of checksum filtering of user-supplied and output data during login authentication. An attacker can exploit this...

CVSS 6.5 | AI score 5.3 | EPSS 0.00409 | Exploits: 0 | References: 1

CNVD
added 2022/06/27 12:0 a.m. | 27 views

74cms Cross-Site Scripting Vulnerability (CNVD-2022-58894)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Co. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in /index/notice/show. An attacker could exploit...

CVSS 4.3 | AI score 3.3 | EPSS 0.0024 | Exploits: 1 | Affected Software: 1

CNVD
added 2022/06/21 12:0 a.m. | 21 views

Trendnet IP-110wn prefix parameter cross-site scripting vulnerability

Trendnet IP-110wn is a wireless network camera from Trendnet. A cross-site scripting vulnerability exists in the Trendnet IP-110wn camera fwtv-ip110wnv2 1.2.2.68 version, which stems from a lack of checksum filtering of user-supplied and output data in the prefix parameter in /admin/general.cgi. ...

CVSS 6.1 | AI score 6 | EPSS 0.00328 | Exploits: 1 | References: 1

Snyk
added 2022/05/14 2:8 a.m. | 1 view

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') through the index.inc.php in setup/frames file. An attacker can inject BBCo...

CVSS 6.3 | AI score 6.8 | EPSS 0.00459 | Exploits: 0 | References: 2