112 matches found
PT-2025-18599 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the KVM Kernel-based Virtual Machine component. The issue arises when the gfn to pfn cache is inactive, and KVM fails ...
PT-2025-16679
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns an overflow in the dacloffset bounds check within the ksmbd component of the Linux kernel. Originally, the dacloffset field was typed as int and used in an unchecked...
CVE-2024-10707
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...
USN-7253-1: OpenJDK 17 vulnerability
It was discovered that the Hotspot component of OpenJDK 17 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information...
CVE-2024-57721
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovgpathaddpath...
CVE-2024-57723
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component compositionsourceover...
CVE-2024-57770
CVE-2024-57770 affects JFinalOA prior to v2025.01.01, with a SQL injection vulnerability in the component apply/save#oaContractApply.id. The issue’s root cause is an input handling flaw that enables injectable SQL strings via that parameter, leading to potential confidentiality, integrity, and av...
CVE-2024-57645
An issue in the qiinststatefree component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57659
An issue in the sqlgparalleltsseq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
PT-2025-16900 · Chromium +4 · Chromium +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 135.0.7049.95 Description: A use after free issue in the USB component of Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This issue is related to the...
CVE-2024-44852
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component thetastar::ThetaStar::isUnsafeToPlan...
CVE-2024-48071
E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service...
The vulnerability of the ntfs3 component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ntfs3 component in the Linux operating system’s kernel is related to errors in reading data beyond the boundaries of the buffer memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-46212
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal...
Unspecified vulnerability in Linux kernel (CNVD-2024-39472)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an SSID-based PMKSA removal issue in the wifi:brcmfmac component. No details of the vulnerability are provid...
CVE-2024-44893
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request...
CVE-2024-40348
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal...
CVE-2024-40348
Bazaar v1.4.3 and earlier contains an unauthenticated Arbitrary File Read via directory traversal in the component /api/swaggerui/static. The root cause is a path traversal vulnerability that allows reading arbitrary server files. Impact is unauthenticated access with potential disclosure of sens...
BIT-MYSQL-CLIENT-2022-27384
An issue in the component Itemsubselect::initexprcachetracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...
PT-2024-19634 · Zkteco · Zkteco Zkbio Wdms
Name of the Vulnerable Software and Affected Versions: zkteco zkbio WDMS version 8.0.5 Description: An issue in the software allows an attacker to execute arbitrary code via the "/files/backup/" component. Recommendations: For zkteco zkbio WDMS version 8.0.5, consider restricting access to the...