Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
validator vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-3765
validator.js is vulnerable to Inefficient Regular Expression Complexity
Validator Project Validator
5
CVSSv2
CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI before 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launc...
Cloudflare Octorpki
Debian Debian Linux 11.0
NA
CVE-2021-1440
A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. T...
9.3
CVSSv2
CVE-2021-38305
23andMe Yamale prior to 3.0.8 allows remote malicious users to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When proce...
23andme Yamale
6.8
CVSSv2
CVE-2021-3603
PHPMailer 6.4.1 and previous versions contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, ...
Phpmailer Project Phpmailer
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-29510
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100...
Pydantic Project Pydantic
Fedoraproject Fedora 33
Fedoraproject Fedora 34
4.3
CVSSv2
CVE-2021-32052
In Django 2.2 prior to 2.2.22, 3.1 prior to 3.1.10, and 3.2 prior to 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur....
Djangoproject Django
Fedoraproject Fedora 34
4
CVSSv2
CVE-2020-15225
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input ...
Django-filter Project Django-filter
Fedoraproject Fedora 34
Fedoraproject Fedora 35
1 Github repository
6.8
CVSSv2
CVE-2020-26290
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the under...
Linuxfoundation Dex
6.8
CVSSv2
CVE-2020-26276
Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an malicious user to modify the trusted document. This can result in allowing unverified logins from a SAML IdP...
Fleetdm Fleet
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »