14 matches found

CVE
added 3 hours ago, 2 views

CVE-2026-10863

CVE-2026-10863 affects MISP’s correlations/over-correlations endpoint. Affected: app/Controller/CorrelationsController.php (overCorrelations). Vulnerability arises from accepting user-controlled order query parameters, allowing an authenticated user to influence the ordering of the over-correlati...

CVSS: 6.4 | AI score: 5.8
Exploits: 0 | References: 1
EUVD
added 2026/05/12 3:31 p.m., 3 views

EUVD-2026-29460

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00061
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 12:36 p.m., 2 views

CVE-2023-49110

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...

CVSS: 7.2 | AI score: 7.6 | EPSS: 0.00111
Exploits: 1 | References: 1
OSV
added 2025/12/18 4:15 p.m., 0 views

CVE-2025-14823

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

CVSS: 5.3 | AI score: 5.8
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 3:50 p.m., 4 views

CVE-2025-14823 Certificate Signing Extension Returns Encrypted Values

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00043
Exploits: 0 | References: 1
Github Security Blog
added 2025/08/28 3:10 p.m., 5 views

XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

Impact: The PDF export uses a background job that runs on the server-side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0006
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2024/06/20 12:29 p.m., 45 views

CVE-2023-49110

CVE-2023-49110 describes an XML External Entity (XXE) injection in Kiuwan SAST when the Kiuwan Local Analyzer uploads scan results. The issue arises during server-side processing of XML files in a ZIP payload, where external XML entities are resolved. A privileged attacker who can scan source cod...

CVSS: 7.2 | AI score: 7.5 | EPSS: 0.00111
Exploits: 1 | References: 3
Cvelist
added 2024/06/20 12:29 p.m., 17 views

CVE-2023-49110 XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...

EPSS: 0.00111
Exploits: 1 | References: 2
Prion
added 2023/03/22 8:15 p.m., 16 views

Design/Logic Flaw

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00537
Exploits: 0 | References: 2 | Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 13 views

Microsoft IIS 4.0 - Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execut...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 31 views

Microsoft IIS 4.0 - Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execut...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Microsoft IIS 4.0 - Buffer Overflow Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execut...

AI score: 7.1
Exploits: 0
securityvulns
added 2005/03/31 12:0 a.m., 26 views

Code insertion in Blogger comments

Having notified Blogger of this twice over the course of a number of months, and not seeing them take any action beyond saying that they'll look at it or warn their users, I think it's time to warn people. Under the following conditions, Blogger weblogs are vulnerable to executable code insertion...

AI score: 0.5
Exploits: 0
exploitpack
added 1999/06/15 12:0 a.m., 12 views

Microsoft IIS 4.0 - Remote Buffer Overflow (2)

Microsoft IIS 4.0 - Remote Buffer Overflow 2 source: https://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacke...

AI score: 0.4 | EPSS: 0.84474
Exploits: 5