VMware Spring Data Commons 资源管理错误漏洞

VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation in the United States. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.5.0 and earlier, 3.4.0 and earlier, 3.3.0 and earlier, 3.2.0 and earlier, 3.1.0 and earlier, 3.0.0 and...

CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

CVE-2026-41721

Spring Data Commons vulnerability (CVE-2026-41721) can cause a Denial of Service when Spring Data Web Support is enabled and a controller uses @ProjectedPayload; a specially crafted HTTP request may cause excessive memory allocation. Affected versions include Spring Data Commons 4.0.0–4.0.5; 3.5....

CVE-2026-41716 Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names

Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11;...

PT-2026-48321

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

EUVD-2024-15914

Malicious code in bioql PyPI...

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

PT-2024-15350 · Nvidia · Onyx +2

Name of the Vulnerable Software and Affected Versions: NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC affected versions not specified Description: The vulnerable software contains a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. ...

CVE-2022-37406

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...

Cross site scripting

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...

CVE-2022-37406

CVE-2022-37406 affects Ricoh Aficio SP 4210N firmware versions prior to Web Support 1.05. The vulnerability is a cross-site scripting (XSS) issue in Web Image Monitor that can be exploited by a remote, authenticated attacker with administrative privileges to inject arbitrary scripts. Remediation ...

livehelperchat cross-site scripting vulnerability (CNVD-2022-01692)

livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site scripting vulnerability exists in livehelperchat that stems from livehelperchat's susceptibility to input mismatches during web page generation "cross-site scripting"...

AVIF has landed

Back in ancient July I released a video that dug into how lossy and lossless image compression works and how to apply that knowledge to compress a set of different images for the web. Well, that's already out of date because AVIF has arrived. Brilliant. AVIF is a new image format derived from the...

Sielco Sistemi Winlog <= 2.07.16 Buffer Overflow

No description provided by source. !/usr/bin/ruby Exploit Title: Sielco Sistemi Winlog Buffer Overflow = v2.07.16 Date: 05.06.2012 Exploit Author: m1k3 Vendor Homepage: http://www.sielcosistemi.com/en/download/public/winloglite.html Software Link:...

Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow

Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow !/usr/bin/ruby Exploit Title: Sielco Sistemi Winlog Buffer Overflow = v2.07.16 Date: 05.06.2012 Exploit Author: m1k3 Vendor Homepage: http://www.sielcosistemi.com/en/download/public/winloglite.html Software Link:...