CVE-2025-55159 slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the getdisjointmut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has...

CVE-2024-34081

MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...

MinIO performs incomplete signature validation for unsigned-trailer uploads

Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...

Frappe vulnerable to information disclosure leading to account takeover

Impact Making crafted requests could lead to information disclosure that could further lead to account takeover. Workarounds There's no workaround to fix this without upgrading. Credits Thanks to Thanh of Calif.io for reporting the issue...

CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

PT-2024-16045 · Topdata · Topdata Inner Rep Plus Webserver

Name of the Vulnerable Software and Affected Versions: Topdata Inner Rep Plus WebServer version 2.01 Description: A vulnerability was found in the Operator Details Form component of the Topdata Inner Rep Plus WebServer, affecting an unknown function of the file /InnerRepPlus.html. This issue lead...

PT-2024-31825 · Vegabird · Vegabird Yaazhini

Name of the Vulnerable Software and Affected Versions: VegaBird Yaazhini version 2.0.2 Description: A DLL hijacking issue allows attackers to execute arbitrary code and maintain persistence by placing a crafted DLL file in the same directory as Yaazhini.exe. This enables them to potentially gain...

PT-2023-26368 · Omnis · Omnis Studio

Name of the Vulnerable Software and Affected Versions: Omnis Studio version 10.22.00 Description: The issue is related to incorrect access control in Omnis Studio. It has a feature for locking classes within Omnis libraries, which should make it impossible to delete, view, change, copy, rename,...

CVE-2023-22792

A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1, 6.1.7.1, and 7.0.4.1. Specially crafted cookies, in combination with a specially crafted XFORWARDEDHOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process...

PT-2020-8642 · Unknown · Juuko K-808

Name of the Vulnerable Software and Affected Versions: JUUKO K-808 versions prior to numbers ending ...9A, ...9B, ...9C, etc. Description: The issue allows remote attackers to execute commands on vulnerable installations of the equipment. No authentication is required to exploit this issue. The...

Gauntlet CyberPatrol Content Monitoring System Overflow

The remote host is running Network Associated Gauntlet firewall. The installed version of the software is vulnerable to a buffer overflow. An attacker could exploit this flaw in order to remotely execute arbitrary commands on the affected host. C Tenable Network Security, Inc. include"compat.inc"...