CVE-2025-29153

SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export, filters functions...

Information Exposure

Overview agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Information Exposure due to missing access controls in the WebSocket API. Node execution updates were sent to any subscriber using a valid graphid and graphversion, allowing...

CVE-2025-24813 Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

ROS-20250212-17

A vulnerability in the Mark-of-the-Web protection mechanism of the 7-Zip archiver is related to a breach of the data protection mechanism. data protection mechanism. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the current user...

Advisory ROSA-SA-2025-2654

software: unifdef 2.12 WASP: ROSA-CHROME packageevrstring: unifdef-2.12-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error. Exploitation of the...

CVE-2024-0140

NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2025-22132

CVE-2025-22132 affects the WeGIA web manager for charitable institutions. The vulnerability is a Cross-Site Scripting (XSS) in the file upload functionality at the endpoint WeGIA/html/socio/sistema/controller/controla_xlsx.php . An attacker can upload a file containing malicious JavaScript, causi...

CVE-2024-49535

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity...

CVE-2024-49535 Acrobat Reader | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity...

CVE-2024-35333

A stack-buffer-overflow vulnerability exists in the readcharsetdecl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the...

PT-2024-4522 · FFmpeg +4 · Ffmpeg +4

Name of the Vulnerable Software and Affected Versions: Ffmpeg version v.n6.1-3-g466799d4f5 Description: The issue is related to a Buffer Overflow in the av samples set silence function, located in the libavutil/samplefmt.c component of the Ffmpeg library. This allows a local attacker to potential...

PT-2023-14931 · Ericsson · Ericsson Network Manager

Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager ENM versions prior to 22.1 Description: The issue is related to improper Neutralization of Formula Elements in a CSV File within the Network Connectivity Manager NCM application, which can lead to remote code executio...

CVE-2022-41145

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

MGASA-2021-0301 Updated nginx package fixes a security vulnerability

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...

CVE-2021-26313

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage...

Google Chrome Security Update (stable-channel-update-for-desktop_16-2021-02) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Rundeck Information Disclosure Vulnerability

Rundeck is an open source automation service with a Web console, command line tools and WebAPI from Rundeck, Inc. in the United States, which is used to run automation tasks. A security leak exists in Rundeck versions prior to 3.2.6. An attacker can exploit the vulnerability by sending a request ...

CVE-2020-11009

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very...

Authentication flaw

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very...

GHSA-5679-7QRC-5M7J IDOR can reveal execution data and logs to unauthorized user in Rundeck

Impact Authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is...