20 matches found
Jellystat SQL注入漏洞
Jellystat is a free and open-source statistical application developed by Thegan Govender as an individual project. Versions of Jellystat prior to 1.1.10 contained a SQL injection vulnerability. This vulnerability stemmed from multiple API endpoints that constructed queries by directly inserting...
CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
PT-2026-8286
CVE-2026-26296 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2026-26296 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...
PT-2025-53423
CVE-2025-68690 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2025-68690 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2025-47116
CVE-2025-65071 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2025-65071 Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
EUVD-2020-3370
Malware in sbrugna...
PT-2025-33610 · Undefined · Undefined
CVE-2025-55720 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2025-55720 Published : Aug. 15, 2025, 3:15 a.m. | 2 hours, 46 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, a...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...
X.org XFIXES 信息泄露漏洞
X.org XFIXES is a Windows system extension from the X.org Foundation. An information disclosure vulnerability exists in X.org XFIXES that stems from an unvalidated request length that could result in reading unexpected memory...
PT-2025-18239 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an unvalidated request parameter. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
PT-2025-16304 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A vulnerability has been identified, but details are not provided. The issue is related to an unvalidated request parameter in an unspecified product. Recommendations: At the moment, there i...
CVE-2025-28407
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint does not properly validate whether the requesting user has permission to modify the specified dictId...
cxf: OAuth 2 authorization service vulnerable to DDos attacks
CXF supports via JwtRequestCodeFilter passing OAuth 2 parameters via a JWT token as opposed to query parameters see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request JAR. Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from...
Kimai 跨站请求伪造漏洞
Kimai is an open source, web-based, multi-user time tracking application. A cross-site request forgery vulnerability exists in Kimai 2, which stems from the product's failure to validate that a request originated from a trusted user. An attacker could use this vulnerability to send unintended...
Per Nilsson yubihsm-connector 安全漏洞
Per Nilsson yubihsm-connector is a Per Nilsson open source application. A self-documenting file is provided. A security vulnerability exists in Yubico yubihsm-connector versions prior to 3.0.1, which stems from the handler not validating the length of a request...
Denial Of Service (DoS)
xorg-server is vulnerable to denial of service. The vulnerability exists as the handler for the XkbSetNames request does not validate the request length before accessing its contents, causing an integer underflow in the handler for the XIChangeHierarchy request through XkbSelectEvents...
Unspecified Vulnerability in IBM Connections
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A security vulnerabili...
wpForo Forum Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. wpForo Forum plugin is used in one of the forum plugin . WordPress wpForo Forum plugin version 1.4.12 before the...
Cross-Site Scripting in PAN-OS
A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-77294 / CVE-2017-9467 Successful exploitation of this issue may allow an attacker to inject arbitrar...
EasyCafe Server <= 2.2.14 Remote File Read Vulnerability - Active Check
EasyCafe Server is prone to a remote file read vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...