Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-10930

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Aug, 2019 | 18:57
Updated At-06 Aug, 2024 | 03:38
Rejected At-
Credits

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Aug, 2019 | 18:57
Updated At:06 Aug, 2024 | 03:38
Rejected At:
▼CVE Numbering Authority (CNA)

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers
x_refsource_MISC
Hyperlink: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers
x_refsource_MISC
x_transferred
Hyperlink: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Aug, 2019 | 19:15
Updated At:29 Aug, 2019 | 12:50

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

wpsupportplus
wpsupportplus
>>wp_support_plus_responsive_ticket_system>>Versions before 7.1.0(exclusive)
cpe:2.3:a:wpsupportplus:wp_support_plus_responsive_ticket_system:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developerscve@mitre.org
Release Notes
Hyperlink: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers
Source: cve@mitre.org
Resource:
Release Notes

Change History

0
Information is not available yet

Similar CVEs

875Records found

CVE-2013-0156
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-99.45% / 99.94%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.

Action-Not Available
Vendor-n/aRuby on RailsDebian GNU/Linux
Product-ruby_on_railsdebian_linuxrailsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6125
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.76% / 75.32%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 20:38
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.

Action-Not Available
Vendor-call-ccchicken
Product-chickenchicken
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.49%
||
7 Day CHG~0.00%
Published-23 May, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.

Action-Not Available
Vendor-freenacn/a
Product-freenacn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6637
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.98% / 95.03%
||
7 Day CHG~0.00%
Published-03 Mar, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.

Action-Not Available
Vendor-n/aAdobe Inc.The Apache Software Foundation
Product-cordovaphonegapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5148
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.48%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5534
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.44% / 90.23%
||
7 Day CHG~0.00%
Published-03 Dec, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."

Action-Not Available
Vendor-flashtuxn/a
Product-weechatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-6979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.32% / 81.36%
||
7 Day CHG~0.00%
Published-08 Feb, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

Action-Not Available
Vendor-amarokn/a
Product-amarokn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5646
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.20% / 80.38%
||
7 Day CHG+0.02%
Published-24 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftopenshift_originn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5118
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.33%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromemac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4850
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.41% / 82.08%
||
7 Day CHG~0.00%
Published-14 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34416
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 72.88%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 13:56
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators.

Action-Not Available
Vendor-n/aZoom Communications, Inc.
Product-virtual_room_connector_load_balancermeeting_connectorvirtual_room_connectorrecording_connectorZoom On-Premise Meeting Connector Controller, Zoom On-Premise Meeting Connector MMR, Zoom On-Premise Recording Connector, Zoom On-Premise Virtual Room Connector, Zoom On-Premise Virtual Room Connector Load Balancer
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3399
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-65.32% / 99.16%
||
7 Day CHG~0.00%
Published-12 Jul, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.

Action-Not Available
Vendor-artis.imagn/a
Product-basilicn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3460
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 67.06%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:03
Updated-06 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cumin: At installation postgresql database user created without password

Action-Not Available
Vendor-cuminRed Hat, Inc.
Product-enterprise_mrgcumin
CWE ID-CWE-20
Improper Input Validation
CVE-2025-11135
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 30.49%
||
7 Day CHG~0.00%
Published-29 Sep, 2025 | 01:32
Updated-29 Sep, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pmTicket Project-Management-Software Cookie class.database.php loadLanguage deserialization

A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument user_id results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-pmTicket
Product-Project-Management-Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2012-2140
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.47% / 90.28%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

Action-Not Available
Vendor-rubygemsn/a
Product-mail_gemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2965
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.62% / 73.07%
||
7 Day CHG~0.00%
Published-12 Aug, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

Action-Not Available
Vendor-cauchon/a
Product-resinn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12001
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-11.50% / 95.49%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 19:14
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.
Product-factorytalk_linxrslinx_classicFactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16142
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.80% / 75.77%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 11:56
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.

Action-Not Available
Vendor-renderdocs-rs_projectn/a
Product-renderdocs-rsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2240
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.15% / 86.38%
||
7 Day CHG~0.00%
Published-01 Oct, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."

Action-Not Available
Vendor-devscripts_devel_teamn/a
Product-devscriptsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1025
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.85% / 92.29%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-23 Feb, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serverskype_for_businesssharepoint_foundationsharepoint_serverlyncMicrosoft SharePoint Server 2019Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Lync Server 2013Microsoft SharePoint Enterprise Server 2016Skype for Business Server 2015 CU 8Skype for Business Server 2019 CU2
CWE ID-CWE-20
Improper Input Validation
CVE-2025-10164
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.38% / 29.56%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 18:32
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lmsys sglang update_weights_from_tensor main deserialization

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-lmsys
Product-sglang
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-0465
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.84% / 53.39%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 17:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AquilaCMS categories deserialization

A vulnerability was found in AquilaCMS 1.412.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v2/categories. The manipulation of the argument PostBody.populate leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/a
Product-AquilaCMS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-10885
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-7.22% / 93.56%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1301
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.48% / 87.68%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.

Action-Not Available
Vendor-n/aUmbraco A/S (Umbraco)
Product-umbraco_cmsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0960
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-3.49% / 87.71%
||
7 Day CHG~0.00%
Published-24 Nov, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.

Action-Not Available
Vendor-ps_project_management_teamn/a
Product-unity-firefox-extensionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1010
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.52% / 94.86%
||
7 Day CHG~0.00%
Published-07 Feb, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

Action-Not Available
Vendor-liknon/aWordPress.org
Product-allwebmenus_pluginwordpressn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-0841
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.13%
||
7 Day CHG+0.02%
Published-29 Jan, 2025 | 20:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aridius XYZ News loadMore deserialization

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-Aridius
Product-XYZ
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2012-1817
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.97% / 89.21%
||
7 Day CHG~0.00%
Published-08 Jun, 2012 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file.

Action-Not Available
Vendor-emersonn/a
Product-deltavdeltav_workstationdeltav_proessentials_scientific_graphn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0694
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-67.26% / 99.21%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 20:37
Updated-06 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

Action-Not Available
Vendor-n/aSugarCRM Inc.
Product-sugarcrmn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4405
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-3.49% / 87.72%
||
7 Day CHG~0.00%
Published-29 Nov, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4104
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.41% / 82.07%
||
7 Day CHG~0.00%
Published-27 Oct, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

Action-Not Available
Vendor-n/aDjango
Product-tastypien/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4120
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 78.57%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 04:17
Updated-07 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string.

Action-Not Available
Vendor-yubicoyubico-pamLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxpam_moduleyubico-pam
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4103
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.41% / 82.08%
||
7 Day CHG~0.00%
Published-27 Oct, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

Action-Not Available
Vendor-n/aDjango
Product-pistonn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2897
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 77.71%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 13:37
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

Action-Not Available
Vendor-gdk-pixbufThe GNOME ProjectDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxgdk-pixbufenterprise_linuxgdk-pixbuf
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2842
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.71%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromemac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3098
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-6.93% / 93.33%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-captivateAdobe Captivate 9 and earlier.
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1804
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.49% / 70.99%
||
7 Day CHG~0.00%
Published-26 May, 2011 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33754
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-1.74% / 74.91%
||
7 Day CHG+0.04%
Published-16 Jun, 2022 | 21:23
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-ca_automic_automationCA Automic Automation
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1798
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.08% / 61.04%
||
7 Day CHG~0.00%
Published-26 Dec, 2014 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2332
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.39% / 69.04%
||
7 Day CHG~0.00%
Published-09 Jun, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1793
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.08% / 61.03%
||
7 Day CHG~0.00%
Published-26 Dec, 2014 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-84.29% / 99.67%
||
7 Day CHG+0.12%
Published-08 Apr, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxInternet Systems Consortium, Inc.
Product-debian_linuxubuntu_linuxdhcpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1110
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.56% / 72.17%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1296
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.01% / 78.53%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1438
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.21%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1407
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.80% / 88.71%
||
7 Day CHG~0.00%
Published-16 May, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

Action-Not Available
Vendor-n/aExim
Product-eximn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.09% / 79.32%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1109
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.81% / 76.05%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.08%
||
7 Day CHG~0.00%
Published-08 Mar, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1303
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.28%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 17
  • 18
  • Next
Details not found