7 matches found
CVE-2025-9810
A time-of-check to time-of-use (TOCTOU) race condition exists in linenoise's linenoiseHistorySave function, where the history file is first opened with fopen in "w" mode and subsequently modified with chmod. This vulnerability allows a local attacker to manipulate a symbolic link between these two operation...
CVE-2025-9688
A vulnerability was found in Mupen64Plus. The affected element is the writeisviewer function of the src/device/cart/isviewer.c file. Manipulation leads to integer overflow, and the attack can be initiated remotely. Mitigation: No mitigation is currently available that meets Red Hat Product...
CVE-2005-10004
Cacti contains a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on...
CVE-2025-9784
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
CVE-2025-26467
A Privilege Defined With Unsafe Actions vulnerability exists in Apache Cassandra. In affected versions, a user with MODIFY permission on all keyspaces can exploit unsafe operations against certain system resources to escalate privileges and gain superuser access within the Cassandra cluster. This...
CVE-2025-57804
A vulnerability was found in python-hyper/h2: an input validation flaw allows carriage return and line feed (CRLF) characters to be injected into HTTP/2 header fields. When requests are downgraded from HTTP/2 to HTTP/1.1, the library fails to enforce proper header validation, whic...
CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...