Out-of-bounds Write
firefox-esr is vulnerable to Out-of-bounds Write. The vulnerability occurs due to memory corruption, allowing a malicious attacker to run arbitrary code...
Code Injection
gitlab is vulnerable to Code Injection. The vulnerability exists due to improper access restrictions, which allow an attacker to inject and execute arbitrary code on the system...
NULL Pointer Dereference
libpano13.so is vulnerable to NULL Pointer Dereference. The vulnerability exists in the panoParserFindOLine function at parser.c, which allows an attacker to execute arbitrary code via a crafted file, which can cause the application to crash...
Weak Cryptography
github.com/bishopfox/sliver is vulnerable to weak cryptography. The vulnerability exists because it does not properly implement NaCl Box (libsodium), which allows an attacker to execute arbitrary code on implanted devices and intercept user responses...
Command Injection
ImageMagick is vulnerable to Command Injection. The vulnerability exists via the video:vsync or video:pixel-format options in VIDEO encoding/decoding, which allows an attacker to inject and execute arbitrary code on the system...
Remote Code Execution (RCE)
safe-eval is vulnerable to Sandbox Bypass. The vulnerability exists due to improper input sanitization, which allows an attacker to execute arbitrary code on the system...
Remote Code Execution (RCE)
eta is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the Express render API overwriting template engine configuration variables, which allows an attacker to execute arbitrary code. An application is only vulnerable if it is rendering user-submitted data without sanitization...
Remote Code Execution (RCE)
simple-git is vulnerable to remote code execution. The vulnerability exists in the clone function of git.js because the ext transport protocol is enabled, which allows an attacker to inject and execute arbitrary code on the system. This is an incomplete fix of CVE-2022-24066...
Remote Code Execution (RCE)
heimdal is vulnerable to remote code execution. The vulnerability exists due to an invalid free in the ASN.1 codec, which allows an attacker to inject and execute arbitrary code on the system...
Privilege Escalation
python3.10 is vulnerable to privilege escalation. When used with the forkserver start method on Linux, it allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine which...
Information Disclosure
Concrete CMS is vulnerable to information disclosure. The vulnerability exists in multiple functions due to Whoops error output when debug mode is left in production, allowing an attacker to execute arbitrary code via server-side sensitive information...
Information Disclosure
Batik bridge is vulnerable to information disclosure. The vulnerability exists in the function of DefaultScriptSecurity because the jars get loaded by default, which allows an attacker to execute arbitrary code on the system...
Information Disclosure
batik-script is vulnerable to information disclosure. The vulnerability is due to the visibleToScripts function in RhinoClassShutter.java not restricting access to batik internals from scripts, which allows an attacker to execute arbitrary code...
Information Disclosure
github.com/containers/podman is vulnerable to Information Disclosure. The vulnerability exists in multiple functions due to improper handling of the supplementary groups in the Podman container engine, which allows an attacker to gain access to containers and execute arbitrary code...
Command Injection
libtinygltf is vulnerable to command injection. The vulnerability exists in the wordexp library function in tinygltf.h due to a lack of input sanitization, allowing an attacker to inject and execute arbitrary code via backticks...
Denial of Service
kernel is vulnerable to denial of service. The vulnerability exists due to a race condition in perf_event_open, which allows an attacker to gain root privileges, execute arbitrary code and crash the system...
Remote Code Execution (RCE)
sixfabtool is vulnerable to remote code execution. When the package is installed, it opens a malicious backdoor in the package, allowing an attacker to inject and execute arbitrary code and gain access to sensitive user information and digital currency keys as well as escalate privileges...
Remote Code Execution (RCE)
texercise is vulnerable to remote code execution. When the package is installed, it opens a malicious backdoor in the package, allowing an attacker to inject and execute arbitrary code and gain access to sensitive user information and digital currency keys as well as escalate privileges...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists in URL format, which allows an attacker to inject and execute arbitrary code...
Command Injection
cookiecutter is vulnerable to command injection. The vulnerability exists in the clone function in vcs.py due to a lack of sanitization of the checkout parameter, which allows an attacker to inject and execute arbitrary code...