19 matches found
CVE-2025-54571
A flaw was found in modsecurity. The engine may allow attackers to manipulate the HTTP response’s Content-Type header, enabling them to influence downstream processes or applications. This manipulation can be achieved remotely without authentication. Consequently, an attacker can alter the expect...
CVE-2025-8197
A global buffer overflow vulnerability was found in the soupheadernametostring function in Libsoup. The soupheadernametostring function does not validate the name parameter passed in, and directly accesses soupheadernamestringsname. The value of name is controllable, when name exceeds the index...
CVE-2025-53861
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle MitM and Cross-site scripting XSS attacks allowing attackers to read transmitted data. Mitigation Currently, there is no mitigation available for this vulnerability...
CVE-2025-6491
A vulnerability was found in PHP. If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service. Mitigation Currently, no mitigation is currently available for this...
CVE-2025-5416
A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information. Mitigation Currently, no mitigation is available for...
CVE-2025-48946
A flaw in the HQC algorithm family in liboqs. Under specific conditions, an attacker who can capture an encrypted exchange can recover the clear text. There is currently no patch as the algorithm specification is the core issue. The HQC team is working on an updated specification. Users should...
CVE-2025-48796
A flaw was found in GIMP. The GIMP aniloadimage function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution. Mitigation Currently no...
CVE-2025-46421
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. Mitigation Currently, no...
CVE-2025-30689
CVE-2025-30689 — Oracle MySQL Server (Optimizer) is validated by connected advisories as affecting MySQL Server’s Optimizer component across versions 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The issue is exploitable by a high-privilege attacker with network access via multiple protocols, poten...
CVE-2025-32728
A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations. Mitigation To...
CVE-2025-32051
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS. Mitigation No mitigation is currently available for this vulnerability...
CVE-2025-2901
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scrip...
CVE-2005-0940
...
CVE-2025-48787
CVE-2025-48787 entry is rejected/not used per the Initial Description.
CVE-2024-23413
...
CVE-2025-48426
CVE-2025-48426 entry is rejected and does not represent an active vulnerability.
CVE-2022-33200
CVE-2022-33200 is rejected/not used and does not represent an active vulnerability entry.
CVE-2023-22498
...
CVE-2018-4595
...