Vulnerabilities (CVE)

Filtered by CWE-115
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5747 2025-06-09 N/A 8.0 HIGH
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.
CVE-2025-32908 2025-05-13 N/A 7.5 HIGH
A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).
CVE-2025-22870 2025-05-09 N/A 4.4 MEDIUM
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
CVE-2024-12388 2025-03-20 N/A 6.5 MEDIUM
A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malicious payload to the server, causing it to become unresponsive and unable to handle any requests from other users.
CVE-2024-11169 2025-03-20 N/A 7.5 HIGH
An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6.
CVE-2025-25069 2025-02-13 N/A 6.5 MEDIUM
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similiar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue.
CVE-2023-0880 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 N/A 8.3 HIGH
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2022-3224 1 Parse-url Project 1 Parse-url 2024-11-21 N/A 6.1 MEDIUM
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.
CVE-2021-21366 2 Debian, Xmldom Project 2 Debian Linux, Xmldom 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
CVE-2020-27846 4 Fedoraproject, Grafana, Redhat and 1 more 6 Fedora, Grafana, Enterprise Linux and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.