
46 matches found

RedhatCVE
added 2026/04/28 1:22 a.m., 2 views

CVE-2026-7045

A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessordoDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the...

CVSS 6.5, AI score 5.2, EPSS 0.00067
Exploits 0, References 1
NVD
added 2025/12/18 9:15 p.m., 2 views

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVSS 7.5, EPSS 0.00074
Exploits 0, References 3
MSRC
added 2025/11/09 12:0 a.m., 6 views

INTERN(al) MSRC variant hunting: From multi-tenant authorization to Model Context Protocol

When security researchers submit a vulnerability report to MSRC, the Vulnerabilities and Mitigations (V&M) team reviews it, reproduces the issue, and determines severity. The team reviews all submissions from internal and external security researchers...

AI score 7
Exploits 0
Microsoft CVE
added 2025/11/01 1:1 a.m., 1 view

efi: Don't map the entire mokvar table to determine its size

...

CVSS 5.5, AI score 7, EPSS 0.00018
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-10710

Malware in sbrugna...

CVSS 9, AI score 8.6, EPSS 0.00885
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-10709

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00313
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-10708

Malware in sbrugna...

CVSS 4.9, AI score 5.3, EPSS 0.00721
Exploits 1, References 2
Vulnrichment
added 2025/09/11 7:24 a.m., 8 views

CVE-2025-8570 BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 2.1.0. This makes it possible for unauthenticated attackers to craft valid tokens and assume...

CVSS 9.8, AI score 6, EPSS 0.00112
Exploits 1, References 2
CVE
added 2025/09/11 7:24 a.m., 23 views

CVE-2025-8570

The BeyondCart Connector plugin for WordPress (versions 1.4.2 through 2.1.0) is affected by Privilege Escalation due to improper JWT secret management and authorization in the determine_current_user filter. This allows unauthenticated attackers to craft valid JWTs and impersonate any user (includ...

CVSS 9.8, AI score 5.9, EPSS 0.00112
Exploits 1, References 3
OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 1 view

Malicious code in determine-remain-about (npm)

The package determine-remain-about was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/09/05 5:10 p.m., 1 view

MAL-2025-43979 Malicious code in determine-remain-about (npm)

The package determine-remain-about was found to contain malicious code...

AI score 7
Exploits 0
RedhatCVE
added 2025/08/30 6:20 p.m., 2 views

CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS 5.5, AI score 4.9, EPSS 0.00057
Exploits 1, References 2
Snyk
added 2025/08/24 4:42 p.m., 1 view

Use After Free

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Use After Free via the DetermineDataType function in the PDF Dictionary Parser component. An attacker can execute arbitrary code or cause a denial of service by manipulating memory after it...

CVSS 5.5, AI score 6, EPSS 0.00057
Exploits 1, References 2
OSV
added 2025/08/24 4:15 p.m., 1 view

UBUNTU-CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS 5.5, AI score 5.4, EPSS 0.00057
Exploits 1, References 7
Vulnrichment
added 2025/08/24 4:2 p.m., 1 view

CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS 5.3, AI score 5.1, EPSS 0.00057
Exploits 1, References 7
Cvelist
added 2025/08/24 4:2 p.m., 7 views

CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS 5.3, EPSS 0.00057
Exploits 1, References 7
CNNVD
added 2025/08/24 12:0 a.m., 1 view

PoDoFo security vulnerability

PoDoFo is a free portable C++ library open-sourced by PoDoFo. A security vulnerability exists in PoDoFo version 1.1.0-dev, which originates from a use after free in the PdfTokenizer::DetermineDataType function in the src/podofo/main/PdfTokenizer.cpp file...

CVSS 5.5, AI score 5.3, EPSS 0.00057
Exploits 1, References 8
RedhatCVE
added 2025/05/22 10:10 a.m., 2 views

CVE-2019-20154

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML...

CVSS 6.1, AI score 5.8, EPSS 0.00313
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:37 a.m., 3 views

CVE-2019-20153

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definitionuploadattach.jsp allows authenticated remote attackers to read arbitrary files including configuration files...

CVSS 4.9, AI score 7, EPSS 0.00721
Exploits 1, References 1
SUSE CVE
added 2025/01/14 12:23 a.m., 1 view

SUSE CVE-2024-52333

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.8, AI score 6.8, EPSS 0.00101
Exploits 1, References 5