32 matches found
CVE-2026-44171
Disclaimer: This data contains information about vulnerable...
CVE-2024-30516
CVE-2024-30516 refers to an Improper Validation of Specified Quantity in Input in SaasProject Booking Package, enabling access to functionality not properly constrained by ACLs. Affected versions: Booking Package up to 1.6.27 (n/a through 1.6.27). Root cause: input quantity validation flaw leadin...
CVE-2023-47232
Affected software: WordPress plugin WP Affiliate Disclosure (wp-affiliate-disclosure). Vulnerability type & root cause: Broken access control exposing limited operations to subscribers due to CSRF-like issues in check_capability, as reported for versions up to 1.2.6. Impact: Unauthorized changes ...
CVE-2020-9086
Summary: CVE-2020-9086 describes a buffer error vulnerability in some Huawei products where an unauthenticated attacker can trigger a flaw by sending specially crafted UPnP messages to vulnerable devices, due to insufficient input validation. The consequence is a potential service abnormality, wi...
CVE-2023-39920
CVE-2023-39920 affects the WordPress plugin Redirection for Contact Form 7 (wpcf7-redirect) up to version 2.9.2. The vulnerability is a Missing Authorization / Broken Access Control issue that allows exploitation due to incorrectly configured access levels, with unauthenticated access typically c...
CVE-2023-49859
CVE-2023-49859 concerns WordPress plugin Login With Ajax (
CVE-2020-26067
CVE-2020-26067 concerns Cisco Webex Teams web interface. Affected component: web-based interface; issue arises from improper validation of usernames. An authenticated, remote attacker can create an account containing malicious HTML/script and join a space with that name, enabling cross-site scrip...
CVE-2021-3902
CVE-2021-3902 describes an XXE flaw in dompdf/dompdf's SVG parser (improper restriction of external entities) that enables SSRF and PHAR deserialization attacks. Affected: dompdf/dompdf prior to version 2.0.0. Exploitation possible even when isRemoteEnabled is false. Consequences include SSRF, di...
CVE-2024-3447
CVE-2024-3447 — QEMU SDHCI heap-based buffer overflow. A heap overflow in the SDHCI device emulation of QEMU is triggered when both s->data_count and the size of s->fifo_buffer are 0x200, causing an out-of-bounds access. A malicious guest could crash the QEMU process on the host, resulting i...
CVE-2024-43093
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route3333333333333333333,2,1,2,3,1 : ;" leads to stack consumption...
CVE-2024-3651
CVE-2024-3651 affects the kjd/idna Python package (python-idna) and specifically the idna.encode() path in version 3.6. The issue arises when processing crafted input strings, causing quadratic growth in CPU load and resulting in a denial of service. Connected sources (Astra Linux, CIRCL, CBLMari...
CVE-2023-48276
CVE-2023-48276: WP Forms Puzzle Captcha
CVE-2023-51546
CVE-2023-51546 is an authority-listed vulnerability in the WordPress plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels (affected: up to version 4.2.1). The issue stems from Improper Privilege Management that enables Privilege Escalation. The vulnerability affects...
CVE-2024-23712
CVE-2024-23712 affects Android’s AppOpsService.java. It describes a potential DoS by saturating /data/system/appops_accesses.xml due to resource exhaustion. Exploitation is local with no privileges and no user interaction required. Android bulletin context indicates fixes in patch levels 2024-04-...
CVE-2024-2804
CVE-2024-2804 — Network Summary WordPress plugin is affected. The vulnerability is an unauthenticated SQL Injection via the category parameter in Network Summary versions
CVE-2024-28323
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CAN-2004-0232
CVE-2004-0232 is referenced in multiple security feeds as a vulnerability in Midnight Commander (mc). Connected documents describe the issue as involving buffer overflows, format string bugs, and insecure temporary file handling within mc, with CVE-2004-0226/0231/0232 grouped together in advisori...
CAN-2004-0563
The CVE CAN-2004-0563 (CVE-2004-0563) relates to freenet6 where the tspc.conf file is world-readable, exposing potential sensitive data (e.g., username and password) to local users. Connected advisories confirm Debian’s DSA-555-1 and related Debian security notices describe a local information-le...
CAN-2004-1264
CVE-2004-1264 affects the chbg utility. Debian/DSA-644-1 reports a local buffer overflow in chbg (config.c/simplify_path) that could allow arbitrary code execution when processing a crafted scenario file. The issue is exploitable remotely via a malicious configuration, with Debian indicating patc...