CWE-1286: CWE-1286

A low-privileged remote attacker can corrupt the webserver user storage by sending unsupported characters, leading to deletion of all configured users...

This vulnerability allows a local attacker to escalate privileges on systems running vulnerable versions of FinalWire AIDA64 software. By exploiting i...

An unauthenticated attacker can cause a denial-of-service on Juniper SRX Series firewalls by sending specially crafted SSL packets to devices with UTM...

This vulnerability in email parsing libraries allows attackers to redirect emails to external addresses by embedding them within quotes in recipient f...

This CVE describes an infinite loop vulnerability in Amazon.IonDotnet library versions before v1.3.2. Attackers can cause denial of service by sending...

A vulnerability in the Proxy functionality of ctrlX OS allows authenticated low-privileged attackers to manipulate the /etc/environment file via craft...

This vulnerability in Go's parsing logic allows attackers to cause excessive memory consumption by sending malicious malformed tokens. It affects appl...

CVE-2025-0638 is a denial-of-service vulnerability in Routinator where specially crafted manifest files with illegal characters in filenames cause the...

An unauthenticated network attacker can cause denial-of-service on affected Juniper devices by sending specific traffic that crashes critical packet p...

A network-based attacker can cause denial of service by sending a specially crafted BGP update with a malformed tunnel encapsulation TLV to Juniper de...

A vulnerability in Palo Alto Networks PAN-OS software allows remote attackers to reboot firewalls by sending Windows NTLM packets from Windows servers...

An unauthenticated network attacker can cause a denial of service by sending high-rate specific ICMP traffic to Juniper devices with VXLAN configured,...

An unauthenticated attacker can cause a denial of service in Nozomi Networks Guardian and CMC by sending specially crafted malformed packets to the As...

CVE-2021-31987 is an input validation vulnerability in Axis Communications products that allows attackers to bypass blocked SMTP recipients. This affe...

A byte order encoding bug in the google/nftables Go library causes IP addresses to be processed incorrectly, resulting in firewall rules that don't wo...

This vulnerability in MediaTek modems allows memory corruption due to incorrect error handling when connecting to rogue base stations. Attackers can c...

A denial-of-service vulnerability exists in multiple SIMATIC S7-1200 PLC models where specially crafted packets sent to TCP port 102 can crash the dev...

This vulnerability in Axis devices allows attackers to block access to the guard tour configuration page via a VAPIX API parameter that accepts arbitr...

A vulnerability in the Hosts functionality of ctrlX OS web application allows authenticated low-privileged attackers to manipulate the system's hosts ...

A vulnerability in ctrlX OS allows authenticated low-privileged attackers to manipulate wireless network configuration files via crafted HTTP requests...

This vulnerability in Weblate allows attackers to trigger excessive repository updates via malicious webhook payloads, potentially causing denial of s...

The github.com/nyaruka/phonenumbers package versions before 1.2.2 contain an input validation vulnerability in the phonenumbers.Parse() function. Atta...

This vulnerability in Microsoft Exchange Server allows unauthorized attackers to perform spoofing attacks by sending specially crafted network request...

This vulnerability allows authenticated attackers with vault administrator privileges to crash M-Files Server by calling a vulnerable API endpoint, ca...

This vulnerability in IBM Planning Analytics Local allows malicious privileged users to bypass the user interface and access sensitive information thr...

This vulnerability in Axis devices allows authenticated attackers with operator or administrator privileges to exploit a race condition in the VAPIX A...