20 matches found
GoBGP Security Vulnerability
GoBGP is an open-source implementation of the Border Gateway Protocol (BGP) developed by osrg. Versions of osrg GoBGP prior to 4.3.0 contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter data1 in the file pkg/packet/bgp/bgp.go, which may lead to a...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...
CVE-2025-33150
IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages...
PT-2025-46187
Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics Certified Containers version 12.1.0 Description IBM Cognos Analytics Certified Containers version 12.1.0 may reveal package parameter information because of hidden pages. Recommendations At the moment, there is no...
EUVD-2016-7597
Malware in sbrugna...
EUVD-2018-2024
Malware in sbrugna...
EUVD-2024-49197
Malicious code in bioql PyPI...
CVE-2025-1440
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...
Yue Lao Blind Box Code Issue Vulnerability
Yue Lao Blind Box (月老瞎盒) is a take-off program by imsue individual developers. A code issue vulnerability exists in Yue Lao Blind Box version 4.0 and prior versions, which stems from an incorrect manipulation of the parameter data that can lead to unlimited uploads...
PT-2024-26540 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery (CSRF) in the component /admin/infoWeb deal.php. The mudi, dataType, and dataTypeCN parameters are involved. This allows for unauthorized actions to be...
HSC Cybersecurity HC Mailinspector Security Vulnerability
HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A security vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18. A remote attacker can exploit this vulnerability to obtain sensitive information about the start an...
Online Exam System SQL Injection Vulnerability
Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /matkul/data of the component POST Parameter Handler, where manipulation of the parameter...
InvenTree Cross-Site Scripting Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of filtering and escapin...
InvenTree Cross-Site Scripting Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of filtering and escapin...
CVE-2022-22965
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
CVE-2022-23397
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no...
DEBIAN-CVE-2019-14858
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processe...
CVE-2016-6694
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525...
5: stored and reflected XSS vulnerabilities
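Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users...
IBM DB2 Database JAR File Handling Multiple Denial-of-Service Vulnerabilities
BUGTRAQ ID: 28835 IBM DB2 is a large commercial relational database system aimed at applications such as e-commerce, business information, content management, and customer relationship management; it runs on AIX, HP-UX, Linux, Solaris, Windows, and other systems. The RECOVERJAR and REMOVEJAR procedures of DB2 contain a vulnerability when handling malformed parameter data: if the RECOVERJAR and REMOVEJAR procedures are called with special parameters, the DB2 routine may crash. Any DB2 database user can exploit this vulnerability, because PUBLIC privilege is assigned to these two procedures by default. IBM DB2 Universal Database 9.5 IBM DB2 Universal Database...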