8 matches found
CVE-2026-7890
In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.1 with a...
CVE-2026-4647 affecting package crash for versions less than 9.0.0-2
CVE-2026-4647 affecting package crash for versions less than 9.0.0-2. A patched version of the package is available...
CVE-2024-8612 affecting package qemu for versions less than 9.1.0-1
CVE-2024-8612 affecting package qemu for versions less than 9.1.0-1. An upgraded version of the package is available that resolves this issue...
AZL-69622 CVE-2025-61099 affecting package frr for versions less than 9.1.1-5
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaqueinfodetail function at ospfopaque.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted LS Update packet...
AZL-52020 CVE-2024-50615 affecting package tinyxml2 for versions less than 9.0.0-2
TinyXML2 through 10.0.0 has a reachable assertion for UINTMAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef...
AZL-51999 CVE-2024-50615 affecting package tinyxml2 for versions less than 9.0.0-2
TinyXML2 through 10.0.0 has a reachable assertion for UINTMAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef...
AZL-9989 CVE-2022-2264 affecting package vim for versions less than 9.0.0050-2
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0...
CVE-2020-11643
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions 9.0.20262 and GateManager 8250 versions 9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains...