24 matches found
Exploit for CVE-2025-39247
CVE-2025-39247 - Target: HikCentral Professional HCMP, c...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
CVE-2024-50948
mochiMQTT v2.6.3 is vulnerable to Denial of Service (DoS) due to improper resource management. An attacker can exhaust system memory and crash the broker by establishing and maintaining a large number of malicious, long-term publish/subscribe sessions...
CVE-2024-50948
CVE-2024-50948 affects mochiMQTT server v2.6.3. The issue allows an attacker to trigger a Denial of Service via a crafted request, with network access and no user interaction required (CVSS v3.1 base score 7.5, data unavailable: no confidentiality/integrity impact; availability impact is High). ...
CVE-2024-36538
Insecure permissions in chaos-mesh v2.6.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token...
CVE-2024-37623
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tplkaoqinlocationchange.html component...
CVE-2024-37624
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component...
CVE-2024-37622
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php...
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact: An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size, whichever is larger. Thanks to Enze...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-29815
mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF)...
CVE-2023-29815
The CVE-2023-29815 entry affects mccms v2.6.3 and is a Cross Site Request Forgery (CSRF) vulnerability. The available sources confirm the vulnerable component (mccms v2.6.3) and classify the impact as high (CVSS: 8.8, NETWORK attack vector, user interaction required). Connected documents do not p...
CVE-2022-41442
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php...
Cross site scripting
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php...