790 matches found
Jenkins build-metrics 1.3 - Cross-Site Scripting
Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...
CVE-2025-61019
A flaw was found in virtuoso-opensource. An attacker could send specially crafted SQL (Structured Query Language) statements to the sqlo_key_part_best component, leading to a Denial of Service (DoS). This vulnerability allows an attacker to disrupt the availability of the service...
EUVD-2025-210314
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
UBUNTU-CVE-2025-61019
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2025-61019
The data shows a vulnerability in virtuoso-opensource (openlink) version 7.2.11 affecting the sqlo_key_part_best component. The issue allows an attacker to trigger a Denial of Service (DoS) via crafted SQL statements, with the root cause located in sqlo_key_part_best. The CVE entry is consistentl...
CVE-2025-61019
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
EUVD-2026-38151
A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...
Astra Linux – Vulnerability in Thunderbird
If a MIME-encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only certain parts of the message are protected. This vulnerability affects Thunderbird versions earlier than 78.10.2...
Astra Linux – Vulnerability in nss
A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line (CRLFCRLF). The parser continuously stored incoming bytes in memory...
MINI-Q527-QC6F-6VPF
Bulletin has no description...
PT-2026-50735
Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 3.0.4 through 3.0.6; http-proxy-middleware versions prior to 4.1.1. Description: An issue exists in the fixRequestBody helper function when the outgoing Content-Type is set to multipart/form-data. The function uses...
GHSA-4H4G-832R-8C7F vulnerabilities
Vulnerabilities for packages: chromium...
Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS
Summary: request.form() accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...
GHSA-45QJ-4XQ3-3C45
creationtimestamp | type | source
---|---|---
2026-06-12 18:22:18+00:00 | seen | https://gist.github.com/sandh0t/45fdee24a7907e0cd836aed26f2d5a7a...
MINI-PMHW-C6H3-844P
Bulletin has no description...
CVE-2026-49756
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...
MINI-Q25F-285J-8853
Bulletin has no description...
MINI-8X24-WVCM-PH2W
Bulletin has no description...
EUVD-2026-35488
Issue summary: When X509_VERIFY_PARAM_set1_email() is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...