Lucene search
+L

26 matches found

Nuclei
Nuclei
added 7 hours ago96 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.7AI score0.06289EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2026/03/18 1:17 p.m.6 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01256EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/01/08 4:57 p.m.5 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01256EPSS
Exploits0References4
OSV
OSV
added 2025/12/03 7:15 p.m.2 views

DEBIAN-CVE-2024-3884

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS7.6AI score0.01256EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/11/18 2:42 p.m.8 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 8:2 p.m.3 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 11:19 a.m.8 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
OSV
OSV
added 2024/05/29 7:18 a.m.24 views

BIT-FLUENT-BIT-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...

7.5CVSS7.4AI score0.00944EPSS
Exploits2References3
NVD
NVD
added 2024/03/26 3:15 p.m.27 views

CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...

7.5CVSS6.4AI score0.00944EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2024/03/26 3:15 p.m.33 views

CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...

7.5CVSS7.1AI score0.00944EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2024/03/26 12:0 a.m.19 views

CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...

7.1AI score0.00944EPSS
Exploits2References2
OSV
OSV
added 2024/03/26 12:0 a.m.17 views

CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...

7.5CVSS6.8AI score0.00944EPSS
Exploits2References4
CVE
CVE
added 2024/03/26 12:0 a.m.86 views

CVE-2024-23722

Fluent Bit 2.1.8–2.2.1 is vulnerable to a NULL pointer dereference triggered by an invalid HTTP payload with content-type x-www-form-urlencoded, causing a crash and log delivery disruption. Affected versions and impact are stated in multiple sources; remediation is to upgrade Fluent Bit to a vers...

7.5CVSS6.5AI score0.00944EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.6 views

PT-2024-20035 · Unknown +2 · Fluent-Bit +2

Name of the Vulnerable Software and Affected Versions: Fluent Bit versions 2.1.8 through 2.2.1 Description: A NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded, resulting in a crash and failure to restart. This could lead to logs not...

9.1CVSS6.8AI score0.02172EPSS
Exploits8References36
0day.today
0day.today
added 2024/01/15 12:0 a.m.309 views

Taokeyun SQL Injection Vulnerability

!/bin/bash Variables url="http://example.com/path/to/taokeyun/application/index/controller/m/Drs.php" cid="1' UNION SELECT 1,2,3,4,5,6,7,8,9,email FROM users-- -" Construct the request request="POST $url HTTP/1.1\r\n" request+="Content-Type: application/x-www-form-urlencoded\r\n"...

9.8CVSS7.4AI score0.00792EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/02 12:0 a.m.73 views

Magazine Edge <= 1.13 - Subscriber+ Arbitrary Plugin Activation

The theme does not have authorisation and CSRF when activating plugins via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary plugins Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

1AI score
Exploits0
Veracode
Veracode
added 2022/11/24 2:18 a.m.22 views

Cross-Site Request Forgery (CSRF)

fastify is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists due to the incorrect Content-Type used in the ContentTypeParser function of contentTypeParser.js, allowing an attacker to bypass the Pre-Flight checking of fetch.fetch requests with Content-Type’s as...

8.8CVSS8.6AI score0.00369EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/11/22 8:15 p.m.27 views

Cross site request forgery (csrf)

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

6.8CVSS8.6AI score0.00369EPSS
Exploits0References3Affected Software1
Fedora
Fedora
added 2022/09/12 5:59 p.m.37 views

[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
wpexploit
wpexploit
added 2021/07/27 12:0 a.m.563 views

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0 Content-Type:...

4.3CVSS0.4AI score0.00428EPSS
Exploits1
Rows per page
Query Builder