19892 matches found
EUVD-2018-21742
Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by...
CVE-2018-25238
VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to trigger an application...
CVE-2018-25243
Microsoft FastTube 1.0.1.0 is affected by a local denial-of-service vulnerability where an excessively long input to the search function (about 1900 characters) can crash the application when the search is executed. The issue is described as a DoS with local access and low attack complexity. No p...
CVE-2018-25244 Eco Search 1.0.2.0 Denial of Service
Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a...
CVE-2018-25243
FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation ...
CVE-2018-25240
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the...
GHSA-2C6H-4899-WJXR scaly: Multiple soundness issues in Rust safe APIs
Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...
scaly: Multiple soundness issues in Rust safe APIs
Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...
EUVD-2017-18957
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
Eco Search 安全漏洞
Eco Search is a search tool developed by the Eco Search company. Version 1.0.2.0 of Eco Search contains a security vulnerability. This vulnerability arises from the search function’s improper handling of extremely long strings, which may allow local attackers to cause the application to crash by...
PT-2026-30364
Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search...
PT-2026-30361
Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to caus...
CVE-2026-34938
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...
CVE-2017-20234
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2017-20234 GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2017-20234
CVE-2017-20234 affects GarrettCom Magnum 6K and 10K managed switches, where an authentication bypass exists due to a hardcoded string in the authentication mechanism. The vulnerability allows unauthenticated attackers to access administrative functions and sensitive switch configuration without v...
CVE-2017-20234 GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2017-20234
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...
Use of GET Request Method With Sensitive Query Strings
Overview @immich/sdk is an Auto-generated TypeScript SDK for the Immich API Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the transmission of authentication credentials in the password parameter within the HTTP request query string...