684 matches found
CVE-2020-13969
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent...
CVE-2020-5235
There is a potentially exploitable out of memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc runs out of memory when expanding the array nanopb can end...
CVE-2019-3930
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...
CVE-2019-19795
samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file...
CVE-2017-14193
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
CVE-2019-15786
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket...
CVE-2019-15319
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...
CVE-2025-37955
No description is available for this CVE...
CVE-2025-48016
creationtimestamp | type | source
---|---|---
2025-05-20 16:28:15+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpmixrsr2jn2...
CVE-2025-30193
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of...
SUSE CVE-2025-48188
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer in data/encrypted-file.c to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read...
CVE-2025-4864
creationtimestamp | type | source
---|---|---
2025-05-18 08:27:32+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpgn4sqyn2e2
2025-05-18 09:13:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpgpqrmbiz24...
CVE-2025-48187
creationtimestamp | type | source
---|---|---
2025-05-17 14:42:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lperocdrlz2h...
WordPress Multimedia Responsive Carousel with Image Video Audio Support plugin <= 2.6.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Plugin Multimedia Responsive Carousel with Image Video Audio Support versions <= 2.6.0...
CVE-2025-4768 feng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted upload
A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely...
CVE-2024-4665
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce...
CVE-2025-4711
creationtimestamp | type | source
---|---|---
2025-05-15 19:03:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpa7cwqq3c2e...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
CVE-2025-0138
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue...
CVE-2024-47795
creationtimestamp | type | source
---|---|---
2025-05-13 21:30:59+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16240
2025-05-13 22:08:56+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp3hof7mmhy2...