
10267 matches found

Veracode
added 2026/01/22 9:33 a.m. | 6 views

Arbitrary Code Execution

Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized embedding of untrusted OpenAPI fields, where attacker-controlled values in the x-enumDescriptions field are injected without proper escaping during enum generation, resulting in executable JavaScript/TypeScri...

9.8 CVSS | 6 AI score | 0.0075 EPSS
Exploits 1 | References 4 | Affected Software 1
Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-37862)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37862 advisory. - In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference...

5.5 CVSS | 6.8 AI score | 0.00244 EPSS
Exploits 0 | References 2
Snyk
added 2026/01/21 10:46 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rich text fields fields. An attacker can execute arbitrary scripts in the context of other users by injecting malicious HTML content. Details: Cross-site scripting (XSS) is a code vulnerability that occu...

7.2 CVSS | 6 AI score | 0.00201 EPSS
Exploits 0 | References 2
OSV
added 2026/01/21 8:39 a.m. | 5 views

BIT-AIRFLOW-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

7.5 CVSS | 5.9 AI score | 0.01979 EPSS
Exploits 0 | References 4
CNNVD
added 2026/01/21 12:0 a.m. | 5 views

GeoGebra Graphing Calculator has a security vulnerability

The GeoGebra Graphing Calculator is a function drawing calculator developed by the American company GeoGebra. Version 6.0.631.0 of the GeoGebra Graphing Calculator has a security vulnerability; this vulnerability stems from a buffer overflow in the input fields, which may lead to the application...

7.5 CVSS | 6 AI score | 0.00239 EPSS
Exploits 0 | References 3
CNNVD
added 2026/01/21 12:0 a.m. | 5 views

GeoGebra CAS Calculator security vulnerability

GeoGebra CAS Calculator is a symbolic calculation calculator developed by the American company GeoGebra. Version 6.0.631.0 of the GeoGebra CAS Calculator has a security vulnerability; this vulnerability stems from a buffer overflow in the input fields, which may lead to the application crashing...

9.8 CVSS | 6 AI score | 0.00348 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/01/20 9:36 p.m. | 3 views

CVE-2025-58741 Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

8.5 CVSS | 5.4 AI score | 0.00169 EPSS
Exploits 0 | References 1
CVE
added 2026/01/20 9:36 p.m. | 10 views

CVE-2025-58741

The CVE-2025-58741 entry concerns Milner ImageDirector Capture. Affected product/versions: ImageDirector Capture 7.0.9 through 7.6.3.25808. Issue: Insufficiently Protected Credentials vulnerability in the Credential Field allows retrieval of credential material and enables database access. Impact...

8.5 CVSS | 5.4 AI score | 0.00169 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/01/20 9:36 p.m. | 17 views

CVE-2025-58741 Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

8.5 CVSS | 0.00169 EPSS
Exploits 0 | References 1
OSV
added 2026/01/20 9:16 p.m. | 4 views

UBUNTU-CVE-2025-59464

A memory leak in Node.js's OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

7.5 CVSS | 5.8 AI score | 0.0023 EPSS
Exploits 0 | References 3
Cvelist
added 2026/01/20 8:41 p.m. | 27 views

CVE-2025-59464

A memory leak in Node.js's OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

6.5 CVSS | 0.0023 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/01/20 8:41 p.m. | 6 views

CVE-2025-59464

A memory leak in Node.js's OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

7.5 CVSS | 5.5 AI score | 0.0023 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/01/20 8:41 p.m. | 2 views

CVE-2025-59464

A memory leak in Node.js's OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

6.5 CVSS | 5.5 AI score | 0.0023 EPSS
Exploits 0 | References 1
CVE
added 2026/01/20 8:41 p.m. | 23 views

CVE-2025-59464

CVE-2025-59464 describes a memory leak in Node.js OpenSSL integration during conversion of X.509 certificate fields to UTF-8, occurring when applications call socket.getPeerCertificate(true). Each certificate field leaks memory, enabling steady memory growth over TLS connections and potentially c...

7.5 CVSS | 5.5 AI score | 0.0023 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/01/20 6:50 p.m. | 4 views

CVE-2026-1245 CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

6.5 AI score | 0.00505 EPSS
Exploits 0 | References 4
Veracode
added 2026/01/20 12:37 p.m. | 7 views

Cross-site Scripting (XSS)

october/system is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in backend configuration stylesheet fields, which allows an attacker with backend customization privileges to inject malicious HTML or JavaScript and execute arbitrary scripts across...

6.1 CVSS | 5.8 AI score | 0.00183 EPSS
Exploits 0 | References 2 | Affected Software 2
NVD
added 2026/01/20 12:15 p.m. | 3 views

CVE-2025-41024

Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...

5.4 CVSS | 0.00162 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/01/20 9:25 a.m. | 6 views

CVE-2025-14533 Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

9.8 CVSS | 5.5 AI score | 0.00982 EPSS
Exploits 0 | References 4
Cvelist
added 2026/01/20 9:25 a.m. | 25 views

CVE-2025-14533 Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

9.8 CVSS | 0.00982 EPSS
Exploits 0 | References 4
CVE
added 2026/01/20 9:25 a.m. | 37 views

CVE-2025-14533

The Wordfence disclosure confirms CVE-2025-14533 affects the Advanced Custom Fields: Extended plugin for WordPress (

9.8 CVSS | 5.5 AI score | 0.00982 EPSS
Exploits 0 | References 4