265 matches found
CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
GHSA-Q747-C74M-69PR MantisBT lacks verification when changing a user's email address
When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. Impact This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person'...
CVE-2025-55085
In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...
CVE-2025-55085 Web http client: Unchecked Server-Side Malicious Packet Issue
In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...
EUVD-2025-34920
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...
CVE-2025-10746 Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...
EUVD-2025-31575
Malicious code in bioql PyPI...
EUVD-2025-25108
Malicious code in bioql PyPI...
EUVD-2025-30236
Malicious code in bioql PyPI...
podman security update
An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...
CVE-2025-56513
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...
CVE-2025-56815
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...
MYCVE
Hnaoyun Inc. PbootCMS Project V3.2.12 apps/home/controller/Mem...
Account takeover due to missing oauth audience verification in google sign in
Description The web application integrates Google OAuth for user authentication. Upon successful Google sign-in and user consent, the application receives a token from Google. This token is used by the web application to fetch user profile information such as email and name and complete the login...
Linux Distros Unpatched Vulnerability : CVE-2018-17187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mo...
CVE-2025-54809
CVE-2025-54809 (F5 Access for Android) affects Android clients of F5 Access prior to version 3.1.2. The vulnerability arises because, when using HTTPS, the client does not verify the remote endpoint identity, enabling potential man-in-the-middle interception. Affected versions are 3.1.0–3.1.1; a ...
Linux Distros Unpatched Vulnerability : CVE-2018-8034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0....
DENX Software Engineering Das U-Boot 安全漏洞
DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot version v1.1.3, which stems from a lack of signature verification in the bootloader and could lead to the execution of...
The vulnerability of the trusted execution environment of the Virtualization-Based Security (VBS) Enclave in Microsoft Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the trusted execution environment for Virtualization-Based Security VBS in Microsoft Windows operating systems is related to the absence of control data for verifying integrity. Exploiting this vulnerability can allow attackers to enhance their privileges...
Medical Card Generation System Manage Card Function Cross-Site Request Forgery Vulnerability
Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from a cross-site request forgery vulnerability that stems from the lack of CSRF protection in the Manage Card feature, which can be exploited by an attacker to send a simple GET request...