Lucene search
K

60 matches found

Snyk
Snyk
added 2025/09/19 5:42 a.m.2 views

Improper Handling of Length Parameter Inconsistency

Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via improper validation of the leconnrsp process. An attacker can cause information disclosure, data manipulation, or denial of service by sending specially crafted Bluetooth connectio...

7.6CVSS6.7AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/19 12:0 a.m.4 views

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr that stems from a BLE connection response handler function that does not validate whether a response is expected and relies only on identifier matching...

8.1CVSS6.8AI score0.0037EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/30 2:5 p.m.39 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

6.9CVSS0.00384EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.2 views

PT-2025-30267 · Recursor +1 · Recursor +1

Name of the Vulnerable Software and Affected Versions: versions prior to the updated version Description: An attacker spoofing responses to ECS-enabled requests sent by the Recursor may succeed. The updated version includes mitigations against spoofing attempts of ECS-enabled queries by chaining...

7.5CVSS6.2AI score0.00229EPSS
Exploits0References11
Cvelist
Cvelist
added 2025/06/12 10:2 a.m.18 views

CVE-2025-5996 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service...

6.5CVSS0.00649EPSS
Exploits1References5
OSV
OSV
added 2025/04/09 5:4 p.m.4 views

DRUPAL-CONTRIB-2025-030

This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...

6.5CVSS6.9AI score0.00419EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/02/28 5:30 p.m.20 views

USN-7309-1: Ruby SAML vulnerabilities

It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an abitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...

10CVSS8.3AI score0.10684EPSS
Exploits4
OSV
OSV
added 2025/02/03 9:10 a.m.3 views

SUSE-SU-2025:20090-1 Security update for cups

This update for cups fixes the following issues: - Version upgrade to 2.4.11: See https://github.com/openprinting/cups/releases CUPS 2.4.11 brings several bug fixes regarding IPP response validation, processing PPD values, Web UI support checkbox support, modifying printers and others fixes...

7.5CVSS7.3AI score0.02421EPSS
Exploits5References8
SUSE CVE
SUSE CVE
added 2024/11/20 3:49 a.m.4 views

SUSE CVE-2024-53059

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwlmvmsendrecoverycmd 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwlmvmsendcmdstatus, which handles...

5.5CVSS8AI score0.00282EPSS
Exploits0References17
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.283 views

MantisBT Admin SQL Injection Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MantisBT Admin SQL Injection Arbitrary File Read", 'Description' = %q Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if ...

6.5CVSS7AI score0.11311EPSS
Exploits8
Veracode
Veracode
added 2024/07/23 7:59 a.m.11 views

Improper Response Validation

dnsjava is vulnerable to Improper Response Validation. The vulnerability is due to records in DNS replies not being checked for their relevance to the query, allowing an attacker to respond with RRs from different zones...

8.9CVSS6.6AI score0.00392EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/04/17 7:15 p.m.15 views

CVE-2024-3323

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

8.3CVSS8.3AI score0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/17 6:53 p.m.22 views

CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

8.3CVSS8.4AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2024/04/17 6:53 p.m.86 views

CVE-2024-3323

CVE-2024-3323 affects TIBCO JasperReports Server versions 8.0.4 and 8.2.0 (UI Request/Response Validation). The issue is a reflected Cross-Site Scripting vulnerability that allows injection of malicious scripts into a trusted app, potentially stealing a user’s active session cookie when a user cl...

8.3CVSS6.9AI score0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/17 6:53 p.m.11 views

CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

8.3CVSS7AI score0.00436EPSS
Exploits0References1
OSV
OSV
added 2024/04/08 10:2 a.m.7 views

CVE-2024-26811 ksmbd: validate payload size in ipc response

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid...

5.5CVSS6AI score0.00262EPSS
Exploits0References11
OSV
OSV
added 2023/12/29 12:0 a.m.20 views

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

6.1CVSS6.4AI score0.00442EPSS
Exploits1References3
OSV
OSV
added 2023/12/12 12:15 p.m.4 views

CVE-2023-48431

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the...

8.6CVSS5.7AI score0.00616EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.4 views

Siemens SINEC INS Code Issue Vulnerability

Siemens SINEC INS is a software from Siemens Germany that provides centralized services for network infrastructure. A code issue vulnerability exists in Siemens SINEC INS that stems from an inability to properly validate responses received by the UMC server...

8.6CVSS7AI score0.00616EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.5 views

PT-2023-28147 · Sustainsys +1 · Sustainsys.Saml2 +1

Name of the Vulnerable Software and Affected Versions: Sustainsys.Saml2 versions prior to 1.0.3 Sustainsys.Saml2 versions prior to 2.9.2 Description: The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. When a response is...

7.5CVSS6.2AI score0.00601EPSS
Exploits0References13
Rows per page
Query Builder