Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode
CVE-2024-21524
CRITICAL CVSS 9.1
Find Similar
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allow
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted D
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5.
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0.
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating string
CVE-2024-10865
CRITICAL CVSS 9.4
Find Similar
Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplyi
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bound
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack El
CVE-2025-61043
CRITICAL CVSS 9.1
Find Similar
An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the leng
Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.
Page 1+ Next →