669 matches found
CVE-2022-24683
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or job-submit capabilities to read arbitrary files on the host filesystem as root...
CVE-2021-29590
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...
CVE-2021-23204
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3...
CVE-2019-11391
An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...
CVE-2011-2674
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors...
Exploit for Use of Less Trusted Source in Apache Http_Server
CVE-2022-31813 Vulnerability Checker Author: Derek Odiorn...
Rogue Cell: Adversarial Attack and Defense in Untrusted O-RAN Setup Exploiting the Traffic Steering XApp
The Open Radio Access Network (O-RAN) architecture is revolutionizing cellular networks with its open, multi-vendor design and AI-driven management, aiming to enhance flexibility and reduce costs. Although it has many advantages, O-RAN is not threat-free. While previous studies have mainly examined...
Unmasking the new XorDDoS controller and infrastructure
Cisco Talos observed an existing distributed denial-of-service (DDoS) malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025. Th...
KubeFence: Security Hardening of the Kubernetes Attack Surface
Kubernetes (K8s) is widely used to orchestrate containerized applications, including critical services in domains such as finance, healthcare, and government. However, its extensive and feature-rich API interface exposes a broad attack surface, making K8s vulnerable to exploits of software...
airflow-operators (>=0.1.0 <=0.11.1), apache-airflow-providers-fastetl (>=0.0.36 <=0.0.39) potentially affected by CVE-2025-27018 via apache-airflow-providers-mysql (>=5.7.3 <=5.7.4)
apache-airflow-providers-mysql PYPI version =5.7.3, =0.1.0, =0.0.36, =0.0.39 Source cves: CVE-2025-27018 Source advisory: OSV:GHSA-HHM6-JJF4-6PM3...
CVE-2025-22870 vulnerabilities
Vulnerabilities for packages: metallb-fips, thanos, terraform-provider-grafana-fips, gitlab-cng, prometheus-postgres-exporter, amazon-k8s-cni, secrets-store-csi-driver, malcontent, cfssl, thanos-operator-fips, bank-vaults-fips, request-1279-14, neuvector-scanner, crossplane-fips, vexctl, opentofu...
CVE-2022-31006
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
CVE-2024-42407
Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to...
Magma has an unspecified vulnerability
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. A security vulnerability exists in Magma version 1.8.0, which can be exploited by an attacker to compromise an MME using an unauthenticated cell...
Magma Stack Overflow Vulnerability
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma has a stack overflow vulnerability that can be exploited by an attacker to trigger a denial of service (DoS) via a crafted NAS packet...
Magma Buffer Overflow Vulnerability
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service (DoS) via a crafted N...
Magma null pointer dereference vulnerability (CNVD-2025-02445)
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME...
Magma null pointer dereference vulnerability (CNVD-2025-15065)
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME...
Magma null pointer dereference vulnerability (CNVD-2025-15068)
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME...
Magma buffer overflow vulnerability (CNVD-2025-02449)
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service (DoS) via a crafted N...