CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

CVE-2025-54564

The CVE-2025-54564 entry affects ChargePoint Home Flex 5.5.4.13. It stems from the uploadsm component failing to validate a user-controlled string during bz2 decompression, enabling command execution as the nobody user. According to the initial data, this is a local vulnerability with a CVSS 3.1 ...

GO-2022-1187 Open redirect vulnerability in github.com/go-macaron/i18n

A user controlled string could lead to open redirect...

Potential XSS vulnerability in Action View

There is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. Impact ------ When an HTML-unsafe string is passed as the default...

CVE-2019-10623

Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in...

Integer overflow

Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in...

git-fastclone command execution vulnerability

git-fastclone is a set of tools for cloning git. A command execution vulnerability exists in git-fastclone versions prior to 1.0.5, which stems from a program passing a user-modified string directly to a shell command. The vulnerability can be exploited to execute malicious commands by modifying...