Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-0960

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-24 Nov, 2012 | 20:00
Updated At-06 Aug, 2024 | 18:45
Rejected At-
Credits

Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:24 Nov, 2012 | 20:00
Updated At:06 Aug, 2024 | 18:45
Rejected At:
▼CVE Numbering Authority (CNA)

Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/56650
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/80319
vdb-entry
x_refsource_XF
https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1639-1
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securityfocus.com/bid/56650
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80319
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-1639-1
Resource:
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/56650
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/80319
vdb-entry
x_refsource_XF
x_transferred
https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-1639-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securityfocus.com/bid/56650
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80319
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1639-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:24 Nov, 2012 | 20:55
Updated At:29 Apr, 2026 | 01:13

Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>Versions up to 2.4.0(inclusive)
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:*:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>0.02
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:0.02:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>0.2.1
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:0.2.1:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>0.3
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:0.3:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>0.3.1
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:0.3.1:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.1
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.1:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.2
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.2:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.3
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.3:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.3.1
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.3.1:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.3.2
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.3.2:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.3.3
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.3.3:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.3.4
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.3.4:-:*:*:*:firefox:*:*
ps_project_management_team
ps_project_management_team
>>unity-firefox-extension>>2.3.5
cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.3.5:-:*:*:*:firefox:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/56650security@ubuntu.com
N/A
http://www.ubuntu.com/usn/USN-1639-1security@ubuntu.com
N/A
https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350security@ubuntu.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/80319security@ubuntu.com
N/A
http://www.securityfocus.com/bid/56650af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1639-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/80319af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securityfocus.com/bid/56650
Source: security@ubuntu.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1639-1
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80319
Source: security@ubuntu.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/56650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1639-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80319
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

722Records found

CVE-2012-4551
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.95% / 77.79%
||
7 Day CHG~0.00%
Published-30 Nov, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables."

Action-Not Available
Vendor-ps_project_management_teamn/a
Product-libunity-webappsn/a
CVE-2014-1714
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.85% / 76.59%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-chromewindowslinux_kernelmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-8751
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.41% / 32.81%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 11:30
Updated-18 May, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
h2oai h2o-3 JAR Model.java importBinaryModel deserialization

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-h2oai
Product-h2o-3
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-8759
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.41% / 32.59%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 14:15
Updated-18 May, 2026 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xiandafu beetl SpELFunction SpELFunction.java expression language injection

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of special elements used in an expression language statement. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-xiandafu
Product-beetl
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2014-2286
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.26% / 96.56%
||
7 Day CHG~0.00%
Published-18 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Action-Not Available
Vendor-n/aDigium, Inc.Fedora Project
Product-certified_asteriskasteriskfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.43% / 82.23%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:40
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

Action-Not Available
Vendor-sr_freecap_projectn/a
Product-sr_freecapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9521
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 32.06%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 02:00
Updated-26 May, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of input

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 5.2.5 is able to address this issue. The name of the patch is 66d16516e24893bebc1c8af52bf2fe9ad0735061. Upgrading the affected component is advised.

Action-Not Available
Vendor-fraillt
Product-bitsery
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1255
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.73%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1927
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.34%
||
7 Day CHG~0.00%
Published-25 Oct, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Action-Not Available
Vendor-python-gnupg_projectn/a
Product-python-gnupgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1723
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.36% / 68.31%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-10384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 79.12%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 13:19
Updated-06 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.

Action-Not Available
Vendor-memphis_documents_library_projectn/a
Product-memphis_documents_libraryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-2376
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.46% / 36.84%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 12:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization

A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-viames
Product-Pair Framework
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2014-10383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.71% / 84.20%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 13:18
Updated-06 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.

Action-Not Available
Vendor-memphis_documents_library_projectn/a
Product-memphis_documents_libraryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0489
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.61% / 88.09%
||
7 Day CHG~0.00%
Published-03 Nov, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-advanced_package_tooln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27337
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-1.46% / 70.46%
||
7 Day CHG~0.00%
Published-22 Dec, 2020 | 21:04
Updated-30 Sep, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access.

Action-Not Available
Vendor-treckn/a
Product-ipv6n/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-0683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.75% / 90.79%
||
7 Day CHG~0.00%
Published-03 Feb, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Action-Not Available
Vendor-omegaboard_projectn/a
Product-omegaboardn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.64%
||
7 Day CHG~0.00%
Published-29 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.

Action-Not Available
Vendor-simplemachinesn/a
Product-simple_machines_forumn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16676
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.40% / 87.39%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 11:43
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.

Action-Not Available
Vendor-plataformatecn/a
Product-simple_formn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.15%
||
7 Day CHG~0.00%
Published-24 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0048
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.51% / 92.94%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 16:22
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.

Action-Not Available
Vendor-The Apache Software FoundationDocker, Inc.
Product-dockergeodedocker.io
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0114
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-95.82% / 99.86%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-commons_beanutilsstrutsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4409
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 85.90%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 20:45
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Action-Not Available
Vendor-reviewboardPython Software Foundation; BeanbagRed Hat, Inc.Fedora Project
Product-djbletsreview_boardfedoraenterprise_linuxReview BoardDjblets
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4144
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.96% / 57.17%
||
7 Day CHG+0.09%
Published-30 Jun, 2022 | 17:21
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an object injection vulnerability in swfupload plugin for wordpress.

Action-Not Available
Vendor-swfupload_projectn/a
Product-swfuploadswfupload wordpress plugin
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-4339
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-7.49% / 93.74%
||
7 Day CHG~0.00%
Published-12 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4103
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.87% / 93.27%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 14:41
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

Action-Not Available
Vendor-cryptocat_projectn/a
Product-cryptocatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1710
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.83% / 84.88%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 21:50
Updated-19 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrasr_9000Cisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.12% / 86.27%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 15:54
Updated-06 Aug, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.

Action-Not Available
Vendor-n/aZABBIX
Product-zabbixn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-17042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.07% / 86.02%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 15:34
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.

Action-Not Available
Vendor-rsyslogn/aDebian GNU/LinuxopenSUSEFedora Project
Product-rsyslogdebian_linuxfedoraleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-16.20% / 96.55%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 14:44
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.

Action-Not Available
Vendor-hcommn/a
Product-xpient_irisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-5659
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.81%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 13:00
Updated-27 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-pytries
Product-datrie
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-2871
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.78% / 75.61%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2138
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.71% / 84.16%
||
7 Day CHG~0.00%
Published-10 Oct, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.

Action-Not Available
Vendor-menalton/a
Product-galleryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2186
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-12.77% / 95.79%
||
7 Day CHG+0.10%
Published-28 Oct, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Action-Not Available
Vendor-n/aUbuntuRed Hat, Inc.
Product-openshiftjboss_enterprise_web_serverjboss_enterprise_portal_platformubuntujboss_enterprise_brms_platformn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2279
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.64%
||
7 Day CHG~0.00%
Published-21 Mar, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

Action-Not Available
Vendor-siteminder_federationsiteminder_agent_for_sharepointsiteminder_for_secure_proxy_servern/a
Product-6.012.112.5r6.012.02010n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1694
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-4.60% / 90.53%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxthunderbird_esrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1655
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.56% / 90.44%
||
7 Day CHG~0.00%
Published-20 Mar, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

Action-Not Available
Vendor-n/aRubyPerforce Software, Inc. ("Puppet")
Product-puppetpuppet_enterpriserubyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1910
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.50% / 82.74%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 18:36
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

Action-Not Available
Vendor-baseurlyumDebian GNU/Linux
Product-debian_linuxyumyum
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2185
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-7.20% / 93.55%
||
7 Day CHG~0.00%
Published-19 Jan, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.
Product-tomcatjboss_enterprise_application_platformjboss_enterprise_portal_platformn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1716
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.11% / 86.19%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 20:05
Updated-19 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_ip_conferenece_phone_8831ip_phone_8821-ex_firmwareip_phone_8821ip_phone_8800ip_conference_phone_7800ip_phone_8821_firmwareip_phone_8821-exip_conference_phone_7800_firmwareunified_ip_conferenece_phone_8831_firmwareip_phone_8800_firmwareCisco Wireless IP Phone 8821 and 8821-EXCisco IP Phone 7800 Series and 8800 SeriesCisco Unified IP Conference Phone 8831
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0837
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.08% / 61.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-65.72% / 99.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Action-Not Available
Vendor-n/aNagios Enterprises, LLCopenSUSE
Product-remote_plug_in_executoropensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0841
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.08% / 61.04%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0830
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.80% / 51.93%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aopenSUSEMicrosoft CorporationGoogle LLC
Product-chromewindowsopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0175
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.65% / 88.25%
||
7 Day CHG-0.07%
Published-25 Apr, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

Action-Not Available
Vendor-erik_michaels-obergrape_projectn/aRuby
Product-graperubymulti_xmln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0269
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-13.91% / 96.08%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Action-Not Available
Vendor-rubygemsn/a
Product-json_gemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 73.35%
||
7 Day CHG~0.00%
Published-05 Jul, 2020 | 21:04
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-serv-u_ftp_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-5536
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.38% / 29.82%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 02:45
Updated-30 Apr, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-tensoroperaFedML-AI
Product-fedmlFedML
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-0156
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-99.45% / 99.94%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.

Action-Not Available
Vendor-n/aRuby on RailsDebian GNU/Linux
Product-ruby_on_railsdebian_linuxrailsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6125
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.76% / 75.32%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 20:38
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.

Action-Not Available
Vendor-call-ccchicken
Product-chickenchicken
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.49%
||
7 Day CHG~0.00%
Published-23 May, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.

Action-Not Available
Vendor-freenacn/a
Product-freenacn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 14
  • 15
  • Next
Details not found