2026 matches found

BDU FSTEC
added 2025/01/22 12:0 a.m. · 4 views

The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system allows an intruder to trigger a service failure.

The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system is related to integer overflow when processing values of cid. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 7.2 · EPSS 0.00688
Exploits 0 · References 4
CNNVD
added 2025/01/21 12:0 a.m. · 3 views

Oracle MySQL Server Security Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server. An attacker can exploit the vulnerability to read a subset of MySQL Server accessible data...

CVSS 4.3 · AI score 5.7 · EPSS 0.00518
Exploits 0 · References 3
CNNVD
added 2025/01/17 12:0 a.m. · 3 views

Google Pixel Code Issue Vulnerability

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. A denial of service vulnerability exists in the Google Android System. An attacker can exploit the vulnerability to launch a denial-of-service attack...

CVSS 5.5 · AI score 6.6 · EPSS 0.00091
Exploits 0 · References 2
GitHub Security Blog
added 2025/01/16 7:5 p.m. · 7 views

matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content

Impact: MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated wa...

CVSS 5.3 · AI score 6.7 · EPSS 0.00529
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/01/14 3:15 p.m. · 2 views

CVE-2024-36258

A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.8 · AI score 6.3 · EPSS 0.12339
Exploits 1 · References 2
Veracode
added 2025/01/14 3:47 a.m. · 15 views

Arbitrary File Write

keras is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of downloaded tar files in the getfile function. When the function extracts the tar file, it does not properly validate or sanitize the file paths, allowing attackers to write files to arbitrary locations o...

CVSS 6.5 · AI score 6.8 · EPSS 0.00221
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2025/01/14 12:0 a.m. · 2 views

Microsoft Message Queuing Resource Management Error Vulnerability

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to cause a denial of service on the system...

CVSS 7.5 · AI score 6.5 · EPSS 0.02309
Exploits 0 · References 2
CNNVD
added 2025/01/14 12:0 a.m. · 3 views

Microsoft Message Queuing Security Vulnerability

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to cause a denial of service on the system...

CVSS 7.5 · AI score 6.5 · EPSS 0.02589
Exploits 0 · References 2
Circl
added 2025/01/13 2:15 p.m. · 2 views

CVE-2024-56065

creationtimestamp | type | source
---|---|---
2025-01-13 14:15:21+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfmwdllocf2n
2025-01-13 16:14:29+00:00 | seen | https://t.me/cvedetector/15152
2025-01-14 21:05:23+00:00 | seen | ...

CVSS 7.1 · AI score 8.7 · EPSS 0.0025
Exploits 0 · References 3
Cvelist
added 2025/01/07 3:46 p.m. · 24 views

CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVSS 9.8 · EPSS 0.01166
Exploits 1 · References 2
CNNVD
added 2025/01/03 12:0 a.m. · 1 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android onPrimaryClipChanged, which can be exploited by an attacker to submit a special request for elevation of privilege...

CVSS 7.8 · AI score 6.9 · EPSS 0.00085
Exploits 0 · References 3
CNNVD
added 2025/01/03 12:0 a.m. · 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android isPackageDeviceAdmin, which can be exploited by an attacker to submit a special request for elevation of privilege...

CVSS 7.8 · AI score 6.9 · EPSS 0.00081
Exploits 0 · References 3
GitHub Security Blog
added 2024/12/27 6:12 p.m. · 16 views

TunnelVision - decloaking VPNs using DHCP

A new decloaking technique for nearly all VPN implementations has been found, which allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. This allows attackers to redirect traffic, which is supposed to be sent encrypted over the VPN, through the...

CVSS 7.6 · AI score 6.8 · EPSS 0.04063
Exploits 1 · References 4 · Affected Software 1
OSV
added 2024/12/27 6:12 p.m. · 6 views

GHSA-HQMP-G7PH-X543 TunnelVision - decloaking VPNs using DHCP

A new decloaking technique for nearly all VPN implementations has been found, which allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. This allows attackers to redirect traffic, which is supposed to be sent encrypted over the VPN, through the...

CVSS 5.3 · AI score 6.8 · EPSS 0.04063
Exploits 1 · References 4
BDU FSTEC
added 2024/12/25 12:0 a.m. · 2 views

The vulnerability of the kernel component of the Linux operating system, which allows a hacker to cause a service failure

The vulnerability of the kernel component of the Linux operating system is related to an infinite loop. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.4 · EPSS 0.00218
Exploits 0 · References 19 · Affected Software 2
Positive Technologies
added 2024/12/20 12:0 a.m. · 7 views

PT-2024-36567 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One, affected versions not specified
Description: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. An attacker must first obta...

CVSS 7.8 · AI score 7.3 · EPSS 0.00324
Exploits 0 · References 8
CNVD
added 2024/12/13 12:0 a.m. · 1 views

JetBrains YouTrack Prototype Contamination Vulnerability

JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a prototype contaminatio...

CVSS 6.5 · AI score 6.6 · EPSS 0.00304
Exploits 0 · References 1
BDU FSTEC
added 2024/12/11 12:0 a.m. · 1 views

The vulnerability of the Linux operating system’s kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel component is related to errors in resource management within the implement function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.5 · EPSS 0.00302
Exploits 0 · References 47 · Affected Software 6
CNNVD
added 2024/12/10 12:0 a.m. · 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.1 · EPSS 0.00477
Exploits 0 · References 1
Cvelist
added 2024/12/06 9:56 p.m. · 22 views

CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

CVSS 6.9 · EPSS 0.00361
Exploits 0 · References 2