126 matches found
PT-2026-43295
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of user-supplied input leads to a local file inclusion, which allows an attacker to include files on the local server. Recommendations At the...
Cross-site Scripting (XSS)
Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Reader\Xml process when processing SpreadsheetML XML files containing a crafted ss:Index...
PT-2026-26477
Name of the Vulnerable Software and Affected Versions DiceBear versions prior to 5.4.4 DiceBear versions 6.1.4 and earlier DiceBear versions 7.1.4 and earlier DiceBear versions 8.0.3 and earlier DiceBear versions 9.4.1 and earlier Description The software does not properly escape SVG attribute...
EUVD-2021-13956
Malware in sbrugna...
UBUNTU-CVE-2025-41234
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
CVE-2021-30461
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...
CVE-2025-2244
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...
CVE-2024-8182
An Unauthenticated Denial of Service DoS vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint...
CVE-2024-8182 Flowise Denial of Service
An Unauthenticated Denial of Service DoS vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint...
CVE-2024-8182
Flowise vulnerability CVE-2024-8182 is an unauthenticated Denial of Service affecting Flowise v1.8.2. The issue stems from improper handling of user-supplied input to the /api/v1/get-upload-file endpoint, which can cause the instance to crash when processing requests. The available connected docu...
CVE-2023-51734
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...
CVE-2023-51723
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
CVE-2023-51733 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the...
CVE-2023-51730 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
CVE-2023-51723 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
PT-2023-20639 · Ox Software Gmbh +1 · Ox App Suite +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a widget that allows specifying a product description, which is taken from a user-controllable source and added to the DOM without...
Fedora 38 : picocli (2023-27ec59a486)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-27ec59a486 advisory. Update to version 4.7.4 Security fix for CVE-2022-41854 Tenable has extracted the preceding description block directly from the Fedora security...
SUSE CVE-2022-41854
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
Link Preload XSS
Description Link preloads do not effectively confirm if the requested link is external. Parser differentials can be used to bypass existing external URL check. Root Cause payload.client.ts contains the following code on link prefetch: ts nuxtApp.hooks.hook'link:prefetch', url = if...