Browse and filter security vulnerabilities across ecosystems
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
Insecure Default Domain Allowlist in Splunk AI Toolkit
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1
MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default
Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
Wss4jSecurityInterceptor disables WS-I BSP validation by default
LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
Initialization of a resource with an insecure default in XCharge C6
phpMyFAQ - Authentication Bypass via Empty API Token
NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initializa...
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Algernon: Single-file mode unconditionally enables debug mode
SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS
AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection
Insecure Default Initialization in API Authentication leads to Authentication Bypass
Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
Showing 1 - 20 of 1,000+ results