Lucene search
K

20 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Jellystat SQL注入漏洞

Jellystat is a free and open-source statistical application developed by Thegan Govender as an individual project. Versions of Jellystat prior to 1.1.10 contained a SQL injection vulnerability. This vulnerability stemmed from multiple API endpoints that constructed queries by directly inserting...

9.1CVSS6.2AI score0.0052EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 7:47 p.m.3 views

CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.12 views

PT-2026-8286

CVE-2026-26296 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2026-26296 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...

5.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.6 views

PT-2025-53423

CVE-2025-68690 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2025-68690 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.5 views

PT-2025-47116

CVE-2025-65071 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2025-65071 Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.5AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-3370

Malware in sbrugna...

9.3CVSS8.6AI score0.02662EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.5 views

PT-2025-33610 · Undefined · Undefined

CVE-2025-55720 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2025-55720 Published : Aug. 15, 2025, 3:15 a.m. | 2 hours, 46 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, a...

7.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/06/23 1:31 a.m.5 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

6.1CVSS5.7AI score0.00369EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.3 views

X.org XFIXES 信息泄露漏洞

X.org XFIXES is a Windows system extension from the X.org Foundation. An information disclosure vulnerability exists in X.org XFIXES that stems from an unvalidated request length that could result in reading unexpected memory...

6.1CVSS5.9AI score0.00369EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/30 12:0 a.m.4 views

PT-2025-18239 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an unvalidated request parameter. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...

6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.3 views

PT-2025-16304 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A vulnerability has been identified, but details are not provided. The issue is related to an unvalidated request parameter in an unspecified product. Recommendations: At the moment, there i...

6.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/07 12:0 a.m.10 views

CVE-2025-28407

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint does not properly validate whether the requesting user has permission to modify the specified dictId...

7.3AI score0.00543EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/11/02 10:40 a.m.4 views

cxf: OAuth 2 authorization service vulnerable to DDos attacks

CXF supports via JwtRequestCodeFilter passing OAuth 2 parameters via a JWT token as opposed to query parameters see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request JAR. Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from...

7.5CVSS7.4AI score0.06593EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.6 views

Kimai 跨站请求伪造漏洞

Kimai is an open source, web-based, multi-user time tracking application. A cross-site request forgery vulnerability exists in Kimai 2, which stems from the product's failure to validate that a request originated from a trusted user. An attacker could use this vulnerability to send unintended...

4.6CVSS4.9AI score0.00371EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/04/14 12:0 a.m.5 views

Per Nilsson yubihsm-connector 安全漏洞

Per Nilsson yubihsm-connector is a Per Nilsson open source application. A self-documenting file is provided. A security vulnerability exists in Yubico yubihsm-connector versions prior to 3.0.1, which stems from the handler not validating the length of a request...

7.5CVSS7.2AI score0.01521EPSS
Exploits0References4
Veracode
Veracode
added 2020/08/31 3:47 a.m.36 views

Denial Of Service (DoS)

xorg-server is vulnerable to denial of service. The vulnerability exists as the handler for the XkbSetNames request does not validate the request length before accessing its contents, causing an integer underflow in the handler for the XIChangeHierarchy request through XkbSelectEvents...

7.8CVSS7.4AI score0.00613EPSS
Exploits0References6Affected Software2
CNVD
CNVD
added 2018/09/18 12:0 a.m.4 views

Unspecified Vulnerability in IBM Connections

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A security vulnerabili...

4.9CVSS5.1AI score0.00979EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/05 12:0 a.m.9 views

wpForo Forum Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. wpForo Forum plugin is used in one of the forum plugin . WordPress wpForo Forum plugin version 1.4.12 before the...

6.1CVSS5.8AI score0.0363EPSS
Exploits1References1
Palo Alto Networks
Palo Alto Networks
added 2017/07/20 8:10 p.m.10 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-77294 / CVE-2017-9467 Successful exploitation of this issue may allow an attacker to inject arbitrar...

6.1CVSS6AI score0.01195EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/01/04 12:0 a.m.17 views

EasyCafe Server <= 2.2.14 Remote File Read Vulnerability - Active Check

EasyCafe Server is prone to a remote file read vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.6AI score0.01519EPSS
Exploits0References3
Rows per page
Query Builder