
31 matches found

ATTACKERKB
added 2026/03/24 5:37 a.m. | 1 views

CVE-2026-4751

NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0...

5.3 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits 0 | References 2
CVE
added 2026/03/24 5:37 a.m. | 10 views

CVE-2026-4751

CVE-2026-4751 : Affected software is tmate before version 2.4.0. The vulnerability is a NULL pointer dereference in the tmate-io tmate component. The available documents do not provide explicit impact, exploit details, or remediation steps. If present, further specifics (impact scope, CVSS) would...

5.3 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits 0 | References 1
EUVD
added 2026/03/16 3:30 p.m. | 3 views

EUVD-2025-208691

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/09 10:17 p.m. | 39 views

CVE-2026-28512 Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a...

7.1 CVSS | 0.00017 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/04 1:15 p.m. | 1 views

CVE-2026-3103 Deletion of passwords via RestApi

A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...

5.3 CVSS | 5.9 AI score | 0.00065 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/02/05 1:22 a.m. | 4 views

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

9.3 CVSS | 5.4 AI score | 0.0008 EPSS
Exploits 0 | References 1
Cvelist
added 2026/02/04 4:48 p.m. | 22 views

CVE-2026-25115 n8n is vulnerable to Python sandbox escape

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

9.4 CVSS | 0.00075 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/01/01 12:00 a.m. | 3 views

PT-2026-28365

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3. Description: Sending a "NOOP ..." command with a large number of parentheses (e.g., 4000 open and close) can lead to excessive memory consumption, approximately 1MB per command. Prolonged use of this technique, by...

7.5 CVSS | 5.9 AI score | 0.0009 EPSS
Exploits 5 | References 76
EUVD
added 2025/12/02 3:30 p.m. | 2 views

EUVD-2025-200243

Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9...

7.5 CVSS | 6.4 AI score | 0.00053 EPSS
Exploits 0 | References 2
CVE
added 2025/12/02 1:43 p.m. | 6 views

CVE-2025-13295

CVE-2025-13295 affects Argus Technology Inc. BILGER prior to version 2.4.9. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability, enabling a potential attack related to selecting a Message Identifier. The vulnerability is rated CVSS 3.1: 7.5 (HIGH) with a ...

7.5 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2025/11/18 4:15 p.m. | 1 views

UBUNTU-CVE-2025-58121

Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

5.4 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits 0 | References 3
CVE
added 2025/11/06 3:53 p.m. | 6 views

CVE-2025-49909

CVE-2025-49909 is a Reflected XSS vulnerability in the WordPress plugin Penci Bookmark & Follow (versions below 2.4). Exploitation is possible via input handling during web page generation, as described in multiple sources (NVD/RedHat/patchnotes). Affected product: Penci Bookmark & Follow; fixed ...

7.1 CVSS | 6 AI score | 0.00031 EPSS
Exploits 0 | References 1
OSV
added 2025/10/14 3:35 p.m. | 4 views

JLSEC-2025-48 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...

8.8 CVSS | 7.1 AI score | 0.00206 EPSS
Exploits 0 | References 12
ATTACKERKB
added 2025/09/16 8:00 a.m. | 2 views

CVE-2025-5518

Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers. This issue affects BILGER: before 2.4.6...

6.5 CVSS | 5.4 AI score | 0.00057 EPSS
Exploits 0 | References 3
OSV
added 2024/05/14 4:17 p.m. | 0 views

CVE-2024-33577

A vulnerability has been identified in Simcenter Femap All versions V2406. The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current...

7.3 CVSS | 5.9 AI score
Exploits 0 | References 2
Positive Technologies
added 2024/04/26 12:00 a.m. | 4 views

PT-2024-24836

Name of the Vulnerable Software and Affected Versions: myQNAPcloud Link versions prior to 2.4.51. Description: A missing authentication for critical function vulnerability has been reported. If exploited, the vulnerability could allow users with the privilege level of some functionality via a networ...

9.9 CVSS | 6.9 AI score | 0.00191 EPSS
Exploits 0 | References 19
CNNVD
added 2023/11/17 12:00 a.m. | 3 views

MISP Security Vulnerabilities

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics with features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.176, which stems from the lack...

9.8 CVSS | 6.7 AI score | 0.00132 EPSS
Exploits 0 | References 3
CNNVD
added 2023/10/11 12:00 a.m. | 1 views

Github Cachet Injection Vulnerability

Github Cachet is a software application. An open source status page system. An injection vulnerability exists in versions of Cachet prior to 2.4 that stems from allowing users to execute arbitrary code during poor filtering and older twig versions via the Create Template feature...

9.1 CVSS | 8 AI score | 0.18169 EPSS
Exploits 1 | References 3
CNNVD
added 2023/04/06 12:00 a.m. | 3 views

Budibase Code Issue Vulnerability

Budibase is a low-code platform for creating in-house applications, workflows and admin panels in minutes, open-sourced by Budibase UK. A code issue vulnerability exists in Budibase versions prior to 2.4.3 that stems from the presence of a Server Request Forgery (SSRF) vulnerability. An attacker...

6.5 CVSS | 6.6 AI score | 0.00257 EPSS
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:48 a.m. | 3 views

SUSE CVE-2012-1139

Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font...

9.3 CVSS | 7.8 AI score | 0.02967 EPSS
Exploits 0 | References 9