Lucene search
+L

15 matches found

RedHat Linux
RedHat Linux
added 4 days ago8 views

ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...

8.1CVSS6.9AI score0.00471EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.6 views

ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...

8.1CVSS6.9AI score0.00471EPSS
Exploits1References5
NVD
NVD
added 2026/06/28 12:17 p.m.10 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/28 10:45 a.m.10 views

EUVD-2026-39989

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 10:45 a.m.36 views

CVE-2026-13489 78 xiaozhi-esp32 MCP Response mcp_server.cc ParseMessage improper synchronization

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 10:45 a.m.10 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/28 10:45 a.m.4 views

CVE-2026-13489 78 xiaozhi-esp32 MCP Response mcp_server.cc ParseMessage improper synchronization

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

2.3CVSS5.2AI score0.00228EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.17 views

PT-2026-53102

Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A weakness in the MCP Response Handler component allows for improper synchronization. This issue occurs within the ParseMessage function located in the main/mcp server.cc file. Remote...

3.1CVSS5.7AI score0.00228EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

ip-address 跨站脚本漏洞

ip-address is a JavaScript library developed by Beau Gunderson, designed for verifying and manipulating IPv4 and IPv6 addresses. Versions prior to 10.1.1 of ip-address had a cross-site scripting vulnerability. This vulnerability stemmed from the Address6.group and Address6.link methods not proper...

6.1CVSS5.6AI score0.00471EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/05 9:50 p.m.20 views

ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

8.1CVSS5.4AI score0.00471EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/05 9:50 p.m.6 views

GHSA-V2V4-37R5-5V8G ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

5.3CVSS5.4AI score0.00471EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/28 12:0 a.m.8 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the parsemessage function when the NegoEx mechanism is registered in /etc/gss/mech. An attacker can cause process termination by sending specially crafted requests with a short headerlen that...

8.7CVSS5.8AI score0.00501EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.6 views

Folding@home fah-control Security Vulnerability

fah-control is a Folding@home open source Client Advanced Control GUI. A security vulnerability exists in the Folding@home Client Advanced Control GUI that allows an attacker to execute arbitrary code by manipulating the parsemessage function...

9.8CVSS7.7AI score0.00975EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/14 8:15 p.m.3 views

CVE-2021-45769

A NULL pointer dereference in AcseConnectionparseMessage at src/mms/isoacse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash...

7.5CVSS5.8AI score0.01062EPSS
Exploits1References2
CNVD
CNVD
added 2017/07/19 12:0 a.m.9 views

PHP msgfmt_parse_message stack buffer overflow vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

9.8CVSS8.5AI score0.0291EPSS
Exploits0References1
Rows per page
Query Builder