Lucene search
K

13 matches found

OSV
OSV
added 2026/02/02 6:29 p.m.2 views

GHSA-95FX-JJR5-F39C jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...

8.7CVSS5.4AI score0.00559EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/02/02 6:29 p.m.8 views

jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...

8.7CVSS5.3AI score0.00559EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/01/23 8:17 p.m.2 views

Access Control Bypass

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Access Control Bypass via a permissive permission check in attachment.php. An attacker can gain unauthorized access to download attachments by exploitin...

7.1CVSS5.9AI score0.0042EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.4 views

CVE-2021-41171

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

8.8CVSS6.7AI score0.01883EPSS
Exploits1References1
Snyk
Snyk
added 2025/11/24 11:34 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

6.9CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0366

Malicious code in bioql PyPI...

8.2CVSS6.8AI score0.00339EPSS
Exploits0References4
OSV
OSV
added 2024/12/09 1:35 p.m.8 views

CVE-2024-53949 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

7.6CVSS6.6AI score0.00653EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/09 1:35 p.m.22 views

CVE-2024-53949 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

7.6CVSS0.00653EPSS
Exploits0References1
OSV
OSV
added 2023/12/17 7:15 a.m.2 views

CVE-2023-6893

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input...

7.5CVSS4.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/17 12:0 a.m.5 views

PT-2023-32803 · Hikvision · Hikvision Intercom Broadcasting System

Name of the Vulnerable Software and Affected Versions: Hikvision Intercom Broadcasting System versions 3.0.3 20201113 RELEASEHIK through 3.0.3 20201113 RELEASEHIK Description: A vulnerability was found in the Hikvision Intercom Broadcasting System, affecting some unknown functionality of the file...

7.5CVSS5AI score0.70224EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/12/15 9:15 p.m.5 views

CVE-2022-4524

A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function languageattributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack...

6.1CVSS3.6AI score0.00555EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2022/11/11 9:15 p.m.5 views

PYSEC-2022-43018

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...

8.2CVSS6.2AI score0.00339EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.4 views

PT-2022-26136 · Wsgidav · Wsgidav

Name of the Vulnerable Software and Affected Versions: WsgiDAV versions prior to 4.1.0 Description: Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue occurs when untrusted data is displayed in the directory...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References10
Rows per page
Query Builder