15 matches found
GHSA-CJ8J-37RH-8475 Bouncy Castle Uncontrolled Resource Consumption vulnerability
Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This issue affects BC-JAVA before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...
CVE-2026-3505
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
Bouncy Castle Java security vulnerability
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java from 1.49 to 1.84 contained security vulnerabilities. These vulnerabilities were due to the use of defective encryption algorithms, which could allow empty...
CVE-2026-1877
The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
CVE-2019-25477 RAR Password Recovery 1.80 Denial of Service Buffer Overflow
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration...
EUVD-2026-11115
Update to version IFTOPP4181 or later...
CVE-2025-68463
Bio.Entrez in Biopython through 186 allows doctype XXE...
CVE-2025-8217
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...
CVE-2023-22807
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol...
CVE-2022-3737
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these...
CVE-2022-25411
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2021-29212
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading to complete impact to confidentiality,...
PT-2020-5910 · Phoenix Contact · Pc Worx Express +1
Name of the Vulnerable Software and Affected Versions: Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier Description: The issue is related to the parsing of PLCopen XML files in Phoenix Contact PC Worx and PC Worx Express, which can lead to a stack-based overflow due to...
CVE-2018-8871
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution...
WordPress WP External Links plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WP External Links version 1.80. An attacker is able to inject malicious script...