Lucene search
+L

55 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS0.00428EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:10 a.m.6 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.1AI score0.00428EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/01 5:16 a.m.11 views

CVE-2026-12127

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:32 a.m.12 views

CVE-2026-12127

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.43 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/01 4:32 a.m.11 views

EUVD-2026-40907

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
CVE
CVE
added 2026/07/01 4:32 a.m.19 views

CVE-2026-12127

WPForms – Easy Form Builder for WordPress (WordPress plugin WPForms Lite) versions up to 1.10.2 are vulnerable to CRLF header injection in outgoing notification emails. The root cause is improper neutralization of CRLF sequences: get_reply_to_address() expands the Reply-To display name with conte...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/17 1:45 p.m.34 views

CVE-2026-55738 Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name field

A stack-based buffer overflow exists in the rawtoheader function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width...

8.8CVSS0.00635EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 6:4 p.m.23 views

CVE-2026-43623

CVE-2026-43623 affects microtar up to version 0.1.0. A stack-based buffer overflow in the raw_to_header() function (src/microtar.c) can be triggered by crafted TAR archives with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar fields, which can write ...

8.8CVSS6AI score0.00318EPSS
Exploits0References4
OSV
OSV
added 2026/06/01 6:4 p.m.4 views

CVE-2026-43623 microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header()

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.7CVSS6.3AI score0.00318EPSS
Exploits0References7
Veracode
Veracode
added 2026/04/30 6:14 a.m.10 views

Null Pointer Dereference

github.com/emiago/sipgo is vulnerable to a Null pointer dereference. The vulnerability is due to missing nil checks for the To header in the NewResponseFromRequest function, which allows an attacker to exploit it by sending a malformed SIP request without a To header and crash the application...

8.7CVSS7.7AI score0.00495EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/24 1:44 a.m.12 views

SUSE CVE-2009-3727

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...

5CVSS5.8AI score0.04201EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/06 12:24 a.m.6 views

SUSE CVE-2025-68274

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS7.2AI score0.00495EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/17 10:8 p.m.7 views

CVE-2025-68274

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS7.1AI score0.00495EPSS
Exploits1References1
NVD
NVD
added 2025/12/16 10:15 p.m.8 views

CVE-2025-68274

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS0.00495EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/16 10:2 p.m.24 views

CVE-2025-68274 SIPGO library has response DoS vulnerability via nil pointer dereference

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS0.00495EPSS
Exploits1References2
CVE
CVE
added 2025/12/16 10:2 p.m.24 views

CVE-2025-68274

CVE-2025-68274 describes a nil pointer dereference in the SIPGO library when building SIP responses with NewResponseFromRequest, triggered if the incoming SIP request is missing a To header. The issue can cause a remote attacker to crash SIP applications that use this function, effectively a deni...

8.7CVSS6.8AI score0.00495EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/12/16 10:2 p.m.6 views

EUVD-2025-203854

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS6.6AI score0.00495EPSS
Exploits1References2
OSV
OSV
added 2025/12/16 10:2 p.m.8 views

CVE-2025-68274 SIPGO library has response DoS vulnerability via nil pointer dereference

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS7AI score0.00495EPSS
Exploits1References4
Snyk
Snyk
added 2025/12/16 9:24 p.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the NewResponseFromRequest function. An attacker can cause the application to crash by sending a specially crafted SIP request that omits the required To header. Remediation Upgrade github.com/emiago/sipgo/s...

8.7CVSS6.8AI score0.00495EPSS
Exploits1References2
Rows per page
Query Builder