Lucene search
K

98 matches found

rubygems
rubygems
added 2026/06/26 12:0 a.m.4 views

Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...

7.5CVSS5.8AI score0.0063EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/04/13 12:0 a.m.7 views

Pandora FMS 安全漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a security vulnerability, which stems from improper input during web pag...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39703

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through = 1.8.1...

5.9AI score0.00133EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.8 views

PT-2026-27455

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS6AI score0.00443EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/09 12:0 a.m.4 views

CVE-2025-70038

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...

6AI score0.00343EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/04 12:0 a.m.8 views

Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏洞

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...

6.1CVSS5.7AI score0.00264EPSS
Exploits0References2
nvd
nvd
added 2026/02/24 4:24 p.m.11 views

CVE-2026-27517

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user...

6.1CVSS0.00139EPSS
Exploits0References2
nvd
nvd
added 2026/02/20 4:22 p.m.6 views

CVE-2025-69330

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through 1.4.1...

7.1CVSS0.0018EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/09 12:0 a.m.6 views

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from the use of autocomplete features for web...

5.3CVSS5.8AI score0.00169EPSS
Exploits0References1
nvd
nvd
added 2026/02/05 6:16 p.m.6 views

CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS0.00482EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/02/01 12:56 p.m.4 views

CVE-2022-50951

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

6.4CVSS6AI score0.00305EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/02/01 12:56 p.m.5 views

CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

6.4CVSS5.5AI score0.00305EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/01/23 12:0 a.m.6 views

ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability

ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...

8.8CVSS7.4AI score0.01497EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2026/01/21 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-20045

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...

9.8CVSS6.2AI score0.04307EPSS
In wildExploits1References5
redhatcve
redhatcve
added 2026/01/07 9:17 a.m.6 views

CVE-2025-1035

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...

5.7CVSS5.4AI score0.09676EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/12/23 12:0 a.m.9 views

Eaton xComfort ECI 安全漏洞

The Eaton xComfort ECI is an Ethernet communication interface device from Eaton Corporation USA. A security vulnerability exists in the Eaton xComfort ECI that stems from improper validation of web interface endpoint inputs, which could allow an attacker with network access rights to execute...

8.8CVSS6.8AI score0.00278EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/12/23 12:0 a.m.6 views

PT-2025-52737

Name of the Vulnerable Software and Affected Versions Eaton xComfort ECI affected versions not specified Description A flaw exists in the input validation process of a web interface endpoint within Eaton xComfort ECI. This could allow an attacker with network access to the device to execute...

8.8CVSS6.8AI score0.00278EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/12/04 9:47 p.m.2 views

CVE-2025-13939 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Gateway Wireless Controller module allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 u...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References1
euvd
euvd
added 2025/11/24 3:30 p.m.5 views

EUVD-2025-198807

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4CVSS6.6AI score0.00341EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/11/24 12:0 a.m.2 views

PT-2025-47923

Name of the Vulnerable Software and Affected Versions Fluent Bit versions affected versions not specified Description The in http, in splunk, and in elasticsearch input plugins in Fluent Bit do not properly sanitize tag key inputs. An attacker who can access the network or write records to Splunk...

9.4CVSS6.7AI score0.00632EPSS
Exploits0References15
Rows per page
Query Builder