Lucene search

5 matches found

ICS
added 2025/12/12 8:27 p.m. | 1 view

CISA Software Acquisition Guide Supplier Response Web Tool XSS

RISK EVALUATION: The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The...

CVSS 6.1 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 1

Veracode
added 2025/04/23 4:1 p.m. | 6 views

Deserialization Of Untrusted Data

Whoogle Search is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper input sanitization due to the handling of crafted search queries in the /models/config.py component...

CVSS 7.3 | AI score 6.6 | EPSS 0.00371
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/06/11 2:15 a.m. | 14 views

CVE-2024-37177

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

CVSS 8.1 | EPSS 0.00185
Exploits: 0 | References: 2

OSV
added 2024/05/21 4:15 p.m. | 0 views

UBUNTU-CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

CVSS 6.3 | AI score 6.7 | EPSS 0.001
Exploits: 1 | References: 5

OSV
added 2022/09/16 10:15 a.m. | 0 views

UBUNTU-CVE-2022-40149

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

CVSS 7.5 | AI score 6.8 | EPSS 0.0055
Exploits: 0 | References: 5