Lucene search

36 matches found

AlpineLinux
added 2026/05/21 7:34 a.m. | 7 views

CVE-2026-44065

An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...

CVSS 4.2 | AI score 5.8 | EPSS 0.0013
Exploits: 0

Positive Technologies
added 2026/02/10 12:00 a.m. | 4 views

PT-2026-7214

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP and ABAP Platform (affected versions not specified). Description: An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This...

CVSS 8.8 | AI score 5.5 | EPSS 0.00299
Exploits: 1 | References: 13

Snyk
added 2026/01/17 6:30 p.m. | 1 view

Injection

Overview: Affected versions of this package are vulnerable to Injection via the REST Authenticate Endpoint in the Y9PlatformUtil.java file. An attacker can access, modify, or disrupt sensitive data by sending specially crafted requests to the affected endpoint. Remediation: There is no fixed versio...

CVSS 7.5 | AI score 5.6 | EPSS 0.00364
Exploits: 0 | References: 2

AstraLinux
added 2025/10/31 4:38 p.m. | 1 view

Astra Linux - vulnerability in thunderbird

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

CVSS 5.3 | AI score 6.9 | EPSS 0.00992
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/30 11:29 p.m. | 2 views

CVE-2025-52664

SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users...

CVSS 8.8 | AI score 8.9 | EPSS 0.00943
Exploits: 1 | References: 1

EUVD
added 2025/10/27 10:11 a.m. | 3 views

EUVD-2025-36149

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...

CVSS 7.6 | AI score 6.6 | EPSS 0.00402
Exploits: 0 | References: 7

CNNVD
added 2025/10/27 12:00 a.m. | 5 views

SICK AG TLOC100-100 security vulnerability

The SICK AG TLOC100-100 is a mobile robot positioning system from SICK Germany. A security vulnerability exists in the SICK AG TLOC100-100 that stems from an unauthenticated C++ API that could be exploited by a remote attacker to cause sensitive data to be accessed or modified and service...

CVSS 9.8 | AI score 6.6 | EPSS 0.00402
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-16648

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.5 | EPSS 0.00138
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/07 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-42261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin, where an input index is not validated, which may lead to buffer overrun,...

CVSS 7.8 | AI score 7.6 | EPSS 0.00258
Exploits: 0 | References: 3

Cvelist
added 2025/06/02 10:47 a.m. | 13 views

CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...

CVSS 5.5 | EPSS 0.00138
Exploits: 0 | References: 2

Vulnrichment
added 2025/06/02 10:47 a.m. | 10 views

CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...

CVSS 5.5 | AI score 6.8 | EPSS 0.00138
Exploits: 0 | References: 2

BDU FSTEC
added 2025/04/28 12:00 a.m. | 3 views

The vulnerability of the get_znodes_to_commit() function in the fs/ubifs/tnc_commit.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the get_znodes_to_commit() function in the fs/ubifs/tnc_commit.c module of the Linux operating system is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of...

CVSS 7.8 | AI score 6.7 | EPSS 0.00285
Exploits: 0 | References: 26 | Affected Software: 6

Vulnrichment
added 2024/09/19 11:34 p.m. | 20 views

CVE-2024-45806 Potential manipulate `x-envoy` headers from external sources in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00383
Exploits: 0 | References: 1

Tenable Nessus
added 2024/02/08 12:00 a.m. | 43 views

CentOS 8 : thunderbird (CESA-2023:1802)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1802 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...

CVSS 8.8 | AI score 7.8 | EPSS 0.01185
Exploits: 0 | References: 13

OSV
added 2023/03/28 9:15 p.m. | 1 view

DEBIAN-CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

CVSS 8.2 | AI score 7.3 | EPSS 0.01185
Exploits: 0 | References: 1

CVE
added 2023/03/28 8:32 p.m. | 138 views

CVE-2022-36059

CVE-2022-36059 affects the matrix-js-sdk (Matrix JavaScript client) in versions before 19.4.0, where events containing special strings in key places can temporarily disrupt the SDK’s operation and may corrupt runtime data presented to the consumer. The issue is fixed in matrix-js-sdk 19.4.0; upgr...

CVSS 8.2 | AI score 6.7 | EPSS 0.00932
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2023/03/28 8:32 p.m. | 34 views

CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

CVSS 8.2 | AI score 7 | EPSS 0.00932
Exploits: 0

F5 Networks
added 2023/02/21 6:13 p.m. | 45 views

K70415522: TMM vulnerability CVE-2021-23035

Security Advisory Description: When an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2021-23035) Impact: Traffic is disrupted while the TMM process restarts. This vulnerabilit...

CVSS 7.5 | AI score 7.5 | EPSS 0.0092
Exploits: 0 | Affected Software: 13

BDU FSTEC
added 2023/01/27 12:00 a.m. | 1 view

The vulnerability of the InnoDB component of the MySQL Database Server allows a perpetrator to gain unauthorized access for reading, modifying, or deleting data, or to cause service failures.

The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, or to cause service failures...

CVSS 7.5 | AI score 6.4 | EPSS 0.00796
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2022/09/28 12:00 a.m. | 20 views

CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

CVSS 4.3 | AI score 7 | EPSS 0.00992
Exploits: 0 | References: 7