82 matches found
Keylime Missing Authentication for Critical Function and Improper Authentication
Impact: The Keylime registrar does not enforce mutual TLS (mTLS) client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERT_OPTIONAL instead of ssl.CERT_REQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...
RARLabs WinRAR XSS Vulnerability (Nov 2025) - Windows
WinRAR is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:rarlab:winrar";...
EUVD-2008-2225
Malware in sbrugna...
CVE-2025-8088 WinRAR Exploit: From Zero-Day to Zero-Risk with TruRisk™ Eliminate
The Risk Behind the WinRAR Vulnerability: A newly disclosed path traversal vulnerability (CVE-2025-8088) in WinRAR leaves millions of Windows systems exposed to attack. This flaw enables adversaries to craft malicious archives that bypass the user’s chosen extraction path, forcing files into...
WinRAR Directory Traversal
WinRAR suffers from a directory traversal vulnerability that allows an attacker to place files outside the intended extraction directory when a user extracts a specially crafted .rar archive. Versions prior to 7.12 are affected...
RARLabs WinRAR Directory Traversal Vulnerability (Jun 2025) - Windows
WinRAR is prone to a directory traversal vulnerability. CPE = "cpe:/a:rarlab:winrar";...
CVE-2014-1598
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow...
MikroTik RouterOS 7.1 < 7.12 Access Control Vulnerability
MikroTik RouterOS is prone to an access control vulnerability in the REST API. CPE =...
SalesAgility SuiteCRM Code Injection Vulnerability
SalesAgility SuiteCRM is a suite of enterprise-grade, open source Customer Relationship Management (CRM) from SalesAgility UK. A security vulnerability exists in SalesAgility SuiteCRM versions 7.14.x prior to 7.14.2 and 7.12.x prior to 7.12.14 that stems from the presence of a code...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions 7.14.x prior to 7.14.2 and 7.12.x prior to 7.12.14 that stems from the presence of a Reflective Cross-Site Scripting (XSS) vulnerability...
Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update
A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...
Atlassian Jira 7.12 < 7.13.2 Information Disclosure In Browseprojects.jspa Resource
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.12.x prior to 7.13.2 or 8.0.0 prior to 8.0.2. It is, therefore, affected by a vulnerability which permits remote attackers to see information for archived projects through a missing...
Atlassian Confluence 7.12.x < 7.12.5 RCE Via OGNL Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.23, 6.14.x prior to 7.4.11, 7.5.x prior to 7.11.6 or 7.12.x prior to 7.12.5. It is, therefore, affected by an OGNL injection vulnerability that would allow an attacker...
SUSE CVE-2019-15733
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users...
AVM FRITZ!Box TCP SACK PANIC - Kernel Vulnerabilities
Multiple AVM FRITZ!Box devices are prone to multiple Denial of Service vulnerabilities. CPE =...
CVE-2019-8619
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2019-8594
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2019-8607
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of proces...
Stack overflow
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow...