485 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-49005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, ...
CVE-2025-8949
A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function getpingappstat of the file pingresponse.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...
INSTAR 2K+和INSTAR 4K 安全漏洞
INSTAR 2K+ and INSTAR 4K are both webcams from INSTAR, a German company. A security vulnerability exists in INSTAR 2K+ and INSTAR 4K version 3.11.1 Build 1124, which originates in the Backend IPC Server component could lead to a denial of service attack...
CVE-2025-34136
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed...
PT-2025-30892 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions 11.32.0 through 11.32.93 Commvault versions 11.36.0 through 11.36.51 Commvault versions 11.38.0 through 11.38.19 Description: An SQL injection vulnerability exists in the Web Server component that could allow a remote,...
PT-2025-29646
Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 8.0.0 through 8.0.42 Oracle MySQL versions 8.4.0 through 8.4.5 Oracle MySQL versions 9.0.0 through 9.3.0 Description A vulnerability exists in the Server: DDL component of Oracle MySQL Server. This vulnerability allows a...
Cache Poisoning
Next.js is vulnerable to cache poisoning. The vulnerability is due to HTML page requests returning a React Server Component RSC payload under certain conditions, which allows an attacker to poison the cache if the CDN does not correctly differentiate between RSC and HTML content...
CVE-2025-49005
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
CVE-2025-49005
Next.js CVE-2025-49005 affects Next.js App Router (versions 15.3.0 to before 15.3.3) and Vercel CLI (41.4.1 to 42.2.0). A cache poisoning vulnerability could cause HTML requests to return a React Server Component payload under certain conditions. When deployed on Vercel, impact is limited to the ...
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
PT-2025-27835
Name of the Vulnerable Software and Affected Versions: Next.js versions 15.3.0 through 15.3.2 Vercel CLI versions 41.4.1 through 42.1.0 Description: A cache poisoning issue was found in Next.js App Router and Vercel CLI, allowing page requests for HTML content to return a React Server Component R...
ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14), ai.tripl:arc-kafka-pipeline-plugin_2.11 (>=1.0.0 <=1.4.0) +224 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.11 (>=2.0.0 <=2.4.1)
org.apache.kafka:kafka2.11 MAVEN version =2.0.0, =0.0.13, =1.0.0, =1.14.0, =2.8.0, =3.0.0-M1 - com.daasyyds.presto:daasyyds-hive-connector-patch =0.276.1-202209.1 and more Source cves: CVE-2025-27819 Source advisory: OSV:GHSA-MCWH-C9PG-XW43...
CVE-2024-24683
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...
CVE-2025-4544
A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument defmax/deftime/deftcpmax/deftcptime/defudpmax/defudptime/deficmpmax leads to...
PT-2025-18458
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue has been resolved in the Linux kernel, specifically in the ksmbd component. The problem occurs when the ksmbd connection is referenced after the ksmbd server threa...
Linux Distros Unpatched Vulnerability : CVE-2012-0087
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown...
CLSA-2024-1732195001 krb5: Fix of CVE-2024-26462
CVE-2024-26462: Fix memory leak vulnerability in src/kdc/ndr.c...
MiroTalk 安全漏洞
MiroTalk is a simple, secure, and fast real-time video conferencing software by the individual developer Miroslav Pejic. A security vulnerability exists in MiroTalk that stems from incorrect access control in the app/src/server.js component...