18 matches found
CVE-2026-40574
CVE-2026-40574 affects OAuth2 Proxy. Affected: deployments using email_domain restrictions. Issue: authorization bypass where an attacker can use a malformed multi-@ email claim (e.g., [email protected]@company.com) to satisfy a company.com domain check, even though the claim is not a valid email...
CVE-2026-40574
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...
CVE-2025-40574
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service...
MAL-2025-40574 Malicious code in yolk-uplift-cln277-project (npm)
The package yolk-uplift-cln277-project was found to contain malicious code...
CVE-2025-40574
creationtimestamp | type | source
---|---|---
2025-05-13 10:30:28+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16101
2025-05-13 10:52:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lp2cxhr5x52t
2025-05-13 13:52:31+00:00 | seen | https://t.me/cvedetector/25192
2025-05-15...
CVE-2025-40574
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service...
CVE-2025-40574
The CVE-2025-40574 entry concerns Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected versions are all
CVE-2021-40574
The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...
CVE-2021-40574
creationtimestamp | type | source
---|---|---
2025-03-06 02:17:24+00:00 | seen | Telegram/8Ua1uuFsS4lVaniA9Qwngl2mtnFv6wibcBJHKDUZWfR12aH...
openSUSE: Security Advisory for freerdp (SUSE-SU-2023:4893-1)
The remote host is missing an update for the...
CVE-2023-40574
creationtimestamp | type | source
---|---|---
2023-09-01 02:18:24+00:00 | seen | https://t.me/cibsecurity/69614...
CVE-2023-40574 Out-Of-Bounds Write in FreeRDP
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the writePixelBGRX function. This issue is likely down to incorrect calculations of the nHeight and srcStep variables. This issue has...
CVE-2023-40574
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the writePixelBGRX function. This issue is likely down to incorrect calculations of the nHeight and srcStep variables. This issue has...
CVE-2023-40574
CVE-2023-40574 affects FreeRDP (RDP client library). The vulnerability is an Out-Of-Bounds Write in the function writePixelBGRX, likely caused by incorrect calculations of nHeight and srcStep. Impact is described as a crash/harmful write with high severity. The issue has been addressed in FreeRDP...
CVE-2021-40574
The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...
CVE-2021-40574
GPAC is affected: the MP4Box binary (GPAC) from 0.9.0-preview to 1.0.1 contains a double-free in gf_text_get_utf8_line (load_text.c), enabling denial of service and potentially code execution/privilege escalation. Debian advisory DSA-5411-1 fixes this in bullseye with gpac version 1.0.1+dfsg...
Microsoft Office COM Object Validation Remote Code Execution Vulnerability (MS10-036)
BUGTRAQ ID: 40574 CVE ID: CVE-2010-1263 Microsoft Office is a very popular office software suite. Components in Office do not sufficiently validate COM objects when instantiating them, so a user who is tricked into opening a malicious Excel, PowerPoint, Publisher, Visio or Word document will cause arbitrary code to be executed. Microsoft Office XP SP3 Microsoft Office 2007 SP2 Microsoft Office 2007 SP1 Microsoft Office 2003 Service Pack 3 Temporary workaround:...
CVE-2022-40574
CVE-2022-40574 is rejected/not used and does not represent an active vulnerability entry.