Lucene search
+L

127 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:26 p.m.8 views

CVE-2020-16227

Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execut...

7.8CVSS7.4AI score0.01872EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:0 p.m.12 views

CVE-2020-0471

In reassembleanddispatch of packetfragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution...

9.8CVSS7.5AI score0.0159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.10 views

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

6.1CVSS6.8AI score0.00774EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:9 p.m.9 views

CVE-2020-11890

An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration...

5.3CVSS6.6AI score0.02761EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:23 a.m.10 views

CVE-2019-7345

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'options' options.php does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...

4.8CVSS5.8AI score0.00674EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/22 10:14 a.m.8 views

CVE-2024-25010 Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability

Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution...

8.8CVSS8.9AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.12 views

CVE-2019-14047

While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

7.8CVSS9.4AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.1 views

Tenda FH451 Buffer Overflow Vulnerability

The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 suffers from a buffer overflow vulnerability that stems from the failure of function.frmL7ImForm to correctly validate the length and size of input data, no details of the vulnerability are available at this time...

6.5CVSS7.5AI score0.00248EPSS
Exploits1References1
Veracode
Veracode
added 2025/04/29 4:4 a.m.10 views

Information Disclosure

moodle/moodle is vulnerable to an Information Disclosure. The vulnerability is due to inadequate input validation and authorization checks within the messaging web service, allows users to access data they are not authorized to view, such as other users' names and online statuses...

4.3CVSS6.5AI score0.00321EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.7 views

PT-2025-17430 · Unknown · Ova Based Connect

Name of the Vulnerable Software and Affected Versions: VMware End of Life OVA Connect versions prior to the end of support in January 2024 Description: An improper input validation vulnerability is identified in the End of Life EOL OVA based connect component, which is deployed for installation...

6.1CVSS7AI score0.00298EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/04/20 12:0 a.m.4 views

PT-2025-17427 · Gobgp +4 · Gobgp +4

Name of the Vulnerable Software and Affected Versions: GoBGP versions prior to 3.35.0 Description: An issue was discovered where the input length for an RTR message is not properly verified, potentially leading to issues when not all bytes are available for the message. This affects the...

9.9CVSS4.6AI score0.00955EPSS
Exploits1References60
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.5 views

PT-2025-16141 · Mediawiki · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - Extension:SimpleCalendar versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Cross-Site Scripting XSS in the Mediawiki - Extension:SimpleCalendar. Recommendations:...

6.9CVSS5.6AI score0.00375EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.4 views

PT-2025-15489 · Microsoft · Windows Dwm Core Library +1

Name of the Vulnerable Software and Affected Versions: Windows DWM Core Library affected versions not specified Description: The issue is related to improper input validation, which allows an authorized attacker to elevate privileges locally. This can affect the system, potentially leading to...

7.8CVSS7.5AI score0.0056EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/03/29 12:45 p.m.18 views

CVE-2024-9773

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...

8CVSS7.1AI score0.00238EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/11 12:39 a.m.4 views

CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)

Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting XSS attack. This could lead to a high impact on the confidentiality, integrity...

8.8CVSS6.4AI score0.00439EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/24 7:27 a.m.18 views

CVE-2025-20051 Arbitrary file read via block duplication in Mattermost Boards

Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards...

9.9CVSS7.1AI score0.00586EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 6:39 a.m.52 views

CVE-2025-0815

CVE-2025-0815 concerns Schneider Electric Enerlin’X IFE/eIFE devices, with an improper input validation (CWE-20) flaw that can cause a Denial-of-Service when malicious ICMPv6 packets are received. Public sources describe impact on IEC61850 services and device availability, without detailing explo...

7.1CVSS6.9AI score0.00236EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/05 6:30 a.m.11 views

Browsershot Path Traversal

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

8.8CVSS6.6AI score0.00437EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/05 5:0 a.m.7 views

CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

8.8CVSS8.1AI score0.00437EPSS
Exploits0References4
OSV
OSV
added 2025/02/05 5:0 a.m.6 views

CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

8.8CVSS6.1AI score0.00437EPSS
Exploits0References6
Rows per page
Query Builder