13561 matches found

RedhatCVE
added 2026/01/09 8:58 a.m. | 4 views

CVE-2023-45319

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner...

CVSS 7.5 | AI score 7.1 | EPSS 0.00423
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:58 a.m. | 2 views

CVE-2023-31123

effectindex/tripreporter is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of effectindex/tripreporter, e.g. subjective.report, may be affected by an improper...

CVSS 9.1 | AI score 6.9 | EPSS 0.00261
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:39 a.m. | 4 views

CVE-2022-35938

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

CVSS 9.1 | AI score 6.6 | EPSS 0.00126
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:34 a.m. | 3 views

CVE-2024-41112

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

CVSS 9.8 | AI score 7.7 | EPSS 0.01559
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:34 a.m. | 7 views

CVE-2024-41117

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 115 in pages/10🌍EarthEngineDatasets.py takes user input, which is later used in the eval function on line 126, leading to remote...

CVSS 9.8 | AI score 9.7 | EPSS 0.02335
Exploits: 1 | References: 1

Cvelist
added 2026/01/07 10:27 p.m. | 16 views

CVE-2026-21851 MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar...

CVSS 5.3 | EPSS 0.00013
Exploits: 1 | References: 2

CVE
added 2026/01/07 6:14 p.m. | 8 views

CVE-2026-21854

CVE-2026-21854 affects the Tarkov Data Manager. The vulnerability is an authentication bypass in the login endpoint, enabling unauthenticated access to the admin panel via a JavaScript prototype property access vulnerability combined with loose equality type coercion. Affected are versions prior ...

CVSS 9.8 | AI score 7 | EPSS 0.00474
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2026/01/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000393 advisory. Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more th...

CVSS 7.5 | AI score 6.6 | EPSS 0.1336
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/07 12:0 a.m. | 3 views

PT-2026-2104

Name of the Vulnerable Software and Affected Versions: Tarkov Data Manager versions prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8
Description: The Tarkov Data Manager is a tool used to manage Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind S...

CVSS 8.8 | AI score 7.6 | EPSS 0.00036
Exploits: 1 | References: 9

Positive Technologies
added 2026/01/07 12:0 a.m. | 2 views

PT-2026-2159

Name of the Vulnerable Software and Affected Versions: OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14
Description: The software contains a heap buffer underflow in the readline function of mdb_load. Processing malformed input with an embedded NUL byte can cause a...

CVSS 4.6 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 28

SUSE CVE
added 2026/01/06 12:24 a.m. | 2 views

SUSE CVE-2025-67269

An integer underflow vulnerability exists in the nextstate function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer->length = (size_t)c - 4 without checking if the input byte c is le...

CVSS 7.5 | AI score 6.9 | EPSS 0.00178
Exploits: 2 | References: 3

NVD
added 2026/01/03 2:15 a.m. | 2 views

CVE-2026-21484

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

CVSS 5.3 | EPSS 0.00384
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/03 1:21 a.m. | 1 views

CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

CVSS 5.3 | AI score 6.6 | EPSS 0.00384
Exploits: 1 | References: 2

Cvelist
added 2026/01/03 1:21 a.m. | 14 views

CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

CVSS 5.3 | EPSS 0.00384
Exploits: 1 | References: 2

OSV
added 2026/01/03 1:21 a.m. | 1 views

CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

CVSS 5.3 | AI score 6.8 | EPSS 0.00384
Exploits: 1 | References: 4

GithubExploit
added 2026/01/02 3:21 p.m. | 169 views

Exploit for Out-of-bounds Write in Google Chrome

CVE-2025-14174 Analysis: ANGLE Metal Staging Buffer Out-of-Bou...

CVSS 8.8 | AI score 6.9 | EPSS 0.00309
Exploits: 10

Debian CVE
added 2026/01/02 12:0 a.m. | 4 views

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVSS 9.8 | AI score 5.8 | EPSS 0.00164
Exploits: 2

Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-6123

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a deadlock issue involving NFSv4.1 state recovery. The deadlock occurs when kthreadd attempts to reclaim memory by calling the nfs_release_folio function, which...

AI score 6.5 | EPSS 0.00026
Exploits: 0

Debian CVE
added 2025/12/31 6:39 p.m. | 4 views

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

CVSS 9.8 | AI score 6.9 | EPSS 0.00276
Exploits: 0

Tenable Nessus
added 2025/12/31 12:0 a.m. | 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992758 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream. This commit address...

CVSS 5.5 | AI score 6.3 | EPSS 0.00007
Exploits: 0 | References: 3