Lucene search
K

10 matches found

Snyk
Snyk
added 2026/03/17 12:0 a.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the MariaDBFilterExpressionConverter, which allows attackers to bypass metadata-based access controls and execute SQL statements with malicious JSONVALUE input. Remediation Upgrade...

8.8CVSS6AI score0.00522EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/08 12:0 a.m.21 views

CVE-2025-61550

Cross-Site Scripting XSS is present on the ctl00Content01fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69. User-supplied input is stored and later rendered in HTML pages without prope...

0.00187EPSS
Exploits2References1
Snyk
Snyk
added 2026/01/01 11:39 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /siteVar/save.do endpoint. An attacker can inject and execute arbitrary scripts by submitting crafted input to the Remark or Variable Value parameters. Details Cross-site scripting or XSS is a code...

5.4CVSS5.5AI score0.00224EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.5 views

CVE-2024-3927

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...

5.3CVSS5.9AI score0.00425EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/21 1:40 a.m.2 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the DecodeFromBytes function in bgp.go. The softwareVersionLen parameter is not checked for the case where it is set to 0. As a result, an attacker can trigger a panic by sending a malicious packet with a zero value...

9.2CVSS7.1AI score0.00458EPSS
Exploits0References2
PyPA
PyPA
added 2021/05/14 8:15 p.m.6 views

PYSEC-2021-524

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2021/05/14 7:22 p.m.4 views

CVE-2021-29596

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1
Prion
Prion
added 2021/01/12 3:15 p.m.32 views

Cross site scripting

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

3.5CVSS5.3AI score0.00529EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2014/03/26 12:0 a.m.29 views

CVE-2014-0142

QEMU, possibly before 2.0.0, allows local users to cause a denial of service divide-by-zero error and crash via a zero value in the 1 tracks field to the seektosector function in block/parallels.c or 2 extentsize field in the bochs function in block/bochs.c...

5.5CVSS6.8AI score0.00382EPSS
Exploits0References3
CERT
CERT
added 2001/07/18 12:0 a.m.34 views

Linux kernel does not properly validate user input via sysctl for negative value

Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...

4.6CVSS5.5AI score0.00776EPSS
Exploits0References15
Rows per page
Query Builder