
28672 matches found

ATTACKERKB
added 2026/01/15 12:0 a.m. | 3 views

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

CVSS 7.5 | AI score 5.5 | EPSS 0.00809
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/15 12:0 a.m. | 2 views

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

AI score 6.5 | EPSS 0.00809
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/15 12:0 a.m. | 4 views

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file...

AI score 6.6 | EPSS 0.00141
Exploits: 1 | References: 1
Cvelist
added 2026/01/15 12:0 a.m. | 19 views

CVE-2025-70310

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file...

EPSS 0.00141
Exploits: 1 | References: 1
EUVD
added 2026/01/15 12:0 a.m. | 3 views

EUVD-2026-2761

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...

CVSS 8.8 | AI score 6.6 | EPSS 0.00361
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/15 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-70303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A heap overflow in the uncvparseconfig function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. CVE-2025-70303 Note tha...

CVSS 5.5 | AI score 5.5 | EPSS 0.00188
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/14 11:19 p.m. | 11 views

CVE-2023-54333

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

CVSS 8.8 | AI score 8 | EPSS 0.00253
Exploits: 0 | References: 1
OSV
added 2026/01/14 7:15 p.m. | 11 views

GO-2025-4251 Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama

Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama...

CVSS 9.8 | AI score 7 | EPSS 0.00632
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2026/01/14 12:5 p.m. | 6 views

Malicious code in solana-program (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7f4afe6d0bf016660b9bcd20e900d4d0504af8c3ac7f7dc69f20229ebcddb21 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.5
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/14 12:18 a.m. | 3 views

CVE-2025-69992

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication...

CVSS 9.8 | AI score 7 | EPSS 0.00508
Exploits: 1 | References: 1
Vulnrichment
added 2026/01/13 10:56 p.m. | 3 views

CVE-2023-54333 Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

CVSS 8.8 | AI score 7.6 | EPSS 0.00253
Exploits: 0 | References: 4
Cvelist
added 2026/01/13 10:56 p.m. | 23 views

CVE-2023-54333 Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

CVSS 8.8 | EPSS 0.00253
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/13 10:53 p.m. | 4 views

CVE-2025-15504

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...

CVSS 5.5 | AI score 6.2 | EPSS 0.00242
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/13 10:53 p.m. | 3 views

CVE-2025-11246

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner...

CVSS 5.4 | AI score 6.7 | EPSS 0.00391
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/13 10:52 p.m. | 4 views

CVE-2026-22605

OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3 allowed users with the View Meetings permission on any project to access details of meetings that belonged to projects the user does not have access to. This issue has bee...

CVSS 4.3 | AI score 6.7 | EPSS 0.00193
Exploits: 0 | References: 1
vulnersOsv
added 2026/01/13 8:28 p.m. | 5 views

@cenk1cenk2/renovate-config (>=2.3.132 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +7 more potentially affected by unknown CVE via renovate (>=36.109.4 <=40.21.2)

renovate NPM version =36.109.4, =2.3.132, =0.1.0, =0.14.0, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-FR4J-65PV-GJJJ...

AI score 5.8
Exploits: 0
EUVD
added 2026/01/13 5:56 p.m. | 4 views

EUVD-2026-2122

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network...

CVSS 7.5 | AI score 6.5 | EPSS 0.01154
Exploits: 0 | References: 2
OSV
added 2026/01/13 4:16 p.m. | 1 view

CVE-2025-69991

phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in checkavailablity.php...

CVSS 9.8 | AI score 5.9 | EPSS 0.00393
Exploits: 1 | References: 1
NVD
added 2026/01/13 4:16 p.m. | 2 views

CVE-2025-69992

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication...

CVSS 9.8 | EPSS 0.00508
Exploits: 1 | References: 1
OSV
added 2026/01/13 9:6 a.m. | 6 views

BIT-GITLAB-2025-11246 Insufficient Granularity of Access Control in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner...

CVSS 5.4 | AI score 6.7 | EPSS 0.00391
Exploits: 0 | References: 4