29 matches found
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...
CVE-2020-36950
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950 Laravel Nova 3.7.0 - 'range' DoS
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
EUVD-2020-30865
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950
CVE-2020-36950 affects Laravel Nova 3.7.0. The issue is a denial-of-service vulnerability where authenticated users can crash the application by manipulating the range parameter. Attackers can issue simultaneous requests with an extremely high range value to overwhelm and crash the server. The av...
PT-2026-4929
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
Laravel Nova security vulnerabilities
Laravel Nova is an open-source management panel software developed by Laravel. Version 3.7.0 of Laravel Nova contains a security vulnerability, which stems from improper handling of the range parameter. This vulnerability could lead to a denial-of-service attack...
EUVD-2025-13954
Malicious code in bioql PyPI...
CVE-2025-4127
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-4127
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin WP SEO Structured Data Schema 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-3755
A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filterlistings. The manipulation of the argument price-range leads to cross site scripting. The attack c...
CVE-2023-3755 Creativeitem Atlas Business Directory Listing filter_listings cross site scripting
A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filterlistings. The manipulation of the argument price-range leads to cross site scripting. The attack c...
Atlas Business Directory Listing 跨站脚本漏洞
codecanyon Atlas Business Directory Listing is a system by codecanyon, Inc. A cross-site scripting vulnerability exists in Atlas Business Directory Listing version 2.13, which stems from a cross-site scripting XSS vulnerability in the parameter price-range...
GHSA-H423-W6QV-2WJ3 parse-server crashes when receiving file download request with invalid byte range
Impact Parse Server crashes when a file download request is received with an invalid byte range. Patches Improved parsing of the range parameter to properly handle invalid range requests. Workarounds None References - GHSA-h423-w6qv-2wj3...
parse-server crashes when receiving file download request with invalid byte range
Impact Parse Server crashes when a file download request is received with an invalid byte range. Patches Improved parsing of the range parameter to properly handle invalid range requests. Workarounds None References - GHSA-h423-w6qv-2wj3...
Github-Todos 操作系统命令注入漏洞
Github-Todos is used to convert Todo to Github issues by the French individual developer Nicolas Chambrier. A security vulnerability exists in naholyr github-todos 3.1.0, which stems from the range parameter of the hook subcommand being concatenated without any validation and used directly by the...