
17 matches found

RedhatCVE
added 2026/05/28 8:13 p.m. · 12 views

CVE-2026-44317

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents...

CVSS 6.5 · AI score 5.8 · EPSS 0.0035
Exploits 1 · References 1
EUVD
added 2026/05/07 3:51 a.m. · 7 views

EUVD-2026-28250

When enabling trace logging in Spring Cloud Config Server, sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

CVSS 4.4 · AI score 5.8 · EPSS 0.00168
Exploits 0 · References 1
Patchstack
added 2026/01/12 11:46 a.m. · 4 views

WordPress UiChemy plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Jitlada in WordPress Plugin UiChemy (versions <= 4.4.2)...

CVSS 6.5 · AI score 6.1 · EPSS 0.00138
Exploits 0 · Affected Software 1
RedhatCVE
added 2026/01/10 5:40 a.m. · 8 views

CVE-2026-22241

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...

CVSS 8.6 · AI score 8.2 · EPSS 0.03076
Exploits 3 · References 1
ATTACKERKB
added 2025/11/25 5:48 p.m. · 2 views

CVE-2025-65084

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code...

CVSS 9.8 · AI score 6 · EPSS 0.00299
Exploits 0 · References 2
Debian CVE
added 2025/10/10 10:33 p.m. · 5 views

CVE-2025-11626

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service...

CVSS 5.5 · AI score 5.2 · EPSS 0.0011
Exploits 0
CBLMariner
added 2025/10/01 7:21 p.m. · 3 views

CVE-2025-38379 affecting package kernel for versions less than 6.6.104.2-1

CVE-2025-38379 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 · AI score 6.8 · EPSS 0.00148
Exploits 0
Tenable Nessus
added 2025/08/19 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-7921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to...

CVSS 5.3 · AI score 5.6 · EPSS 0.0066
Exploits 0 · References 2
CNNVD
added 2025/07/28 12:0 a.m. · 3 views

BeyondTrust Privilege Management for Windows Security Vulnerability

BeyondTrust Privilege Management for Windows is a software for restricting user privileges by BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management for Windows prior to version 25.4.270.0. The vulnerability originates in wmic.exe and could lead to an anti-tamper protection bypass...

CVSS 7.1 · AI score 6.6 · EPSS 0.00151
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2006-1168

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow...

CVSS 7.5 · AI score 9.3 · EPSS 0.05422
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 5:18 a.m. · 3 views

SUSE CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

CVSS 6.8 · AI score 7.3 · EPSS 0.01078
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:42 a.m. · 1 views

SUSE CVE-2021-29611

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

CVSS 5.5 · AI score 5.5 · EPSS 0.00202
Exploits 1 · References 3
CNNVD
added 2021/02/04 12:0 a.m. · 5 views

Prestashop Input Validation Error Vulnerability

Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides multiple payment methods, short message alerts and product image scaling. An input validation error vulnerability exists in Prestashop Opart devis prior to version 4.0.2, which allows ...

CVSS 5.3 · AI score 6.1 · EPSS 0.01219
Exploits 1 · References 2
ATTACKERKB
added 2017/01/30 9:59 p.m. · 1 views

CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command...

CVSS 5.9 · AI score 5.6 · EPSS 0.06346
Exploits 0 · References 29
RedHat Linux
added 2016/11/03 8:8 a.m. · 5 views

kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client

A NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service)...

CVSS 7.5 · AI score 7.1 · EPSS 0.03044
Exploits 0 · References 4
CNVD
added 2016/06/07 12:0 a.m. · 2 views

NTP.org ntpd Denial of Service Vulnerability

ntpd (Network Time Protocol daemon) is an operating system daemon. A denial of service vulnerability exists in versions of NTP.org ntpd prior to 4.2.8p8, which can be exploited by remote attackers to cause a denial of service by sending specially crafted packets...

CVSS 7.5 · AI score 6.6 · EPSS 0.44936
Exploits 1 · References 1
Positive Technologies
added 2014/09/16 12:0 a.m. · 3 views

PT-2014-2315 · Zope +1 · Plone +1

Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3; Plone version 4.3 before beta 1. Description: The issue allows remote attackers to execute Python code via a crafted URL, related to createObject. This is possible due to a flaw in the python scripts.py module...

CVSS 9.3 · AI score 6.5 · EPSS 0.02641
Exploits 0 · References 24