36 matches found
IPFire Cross-Site Scripting Vulnerability
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. IPFire has a cross-site scripting vulnerability, which stems from insufficient validation of input parameters for FS, PATH, and UUID in the extrahd.cgi script. This...
EUVD-2021-18858
Malware in sbrugna...
EUVD-2020-5209
Malware in sbrugna...
EUVD-2010-4225
Malware in sbrugna...
EUVD-2010-4446
Malware in sbrugna...
EUVD-2025-20026
Malicious code in bioql PyPI...
EUVD-2021-7572
Malicious code in bioql PyPI...
PT-2025-37874
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's block layer where an incorrect block size could cause a kernel panic. The issue stems from an improper setting of the block size, a critical parameter...
CVE-2025-53652
Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters...
CVE-2025-38230
In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...
CVE-2025-38230 jfs: validate AG parameters in dbMount() to prevent crashes
In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...
CVE-2025-22618
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionarcargo.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...
CVE-2025-22118 ice: validate queue quanta parameters to prevent OOB access
In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. Ensure endqid does not overflow by validating startqid and numqueues...
Path Traversal
Mattermost is vulnerable to Path Traversal. The vulnerability is caused due to lack of route parameters validation. This could allow an attacker to access files or directories outside the intended scope...
CVE-2023-6458 Client side path traversal due to lack of route parameters validation
Mattermost webapp fails to validate route parameters in //channels/ allowing an attacker to perform a client-side path traversal...
CVE-2023-20234
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command ...
Design/Logic Flaw
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command ...
CVE-2023-32306 Time Tracker has Blind SQL Injection Vulnerability in Reports
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not...
CVE-2022-42744
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...
Prototype Pollution
deep.assign is vulnerable to prototype pollution. The vulnerability exists in deepAssign function due to improper parameters validation which allows an attacker to inject malicious property resulting in prototype pollution...