Security Bulletin: Werkzeug Safe Join Function Vulnerability: Path Segments with Windows Device Names Prior to Version 3.1.4
Summary: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory...
CVE-2026-24936 An improper input validation vulnerability was found in ADM while joining an AD Domain.
When a specific function is enabled while joining an AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...
PT-2026-5771
Name of the Vulnerable Software and Affected Versions: ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1; ASUSTOR ADM versions 5.0.0 through 5.1.1.RCI1. Description: An improper input parameters validation issue exists in a specific CGI program when a particular function is enabled during Active Director...
CVE-2025-58073 Arbitrary Mattermost Team can be joined by manipulating the OAuth state
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...
The vulnerability of the meeting-join function in Cisco WebEx Meetings software allows a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability of the meeting-join function in Cisco WebEx Meetings software is related to improper verification of certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
CVE-2025-20215
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this...
Cisco Webex Meeting Client Join Certificate Validation Vulnerability
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this...
CVE-2005-4624
The mjoin function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, PTnoticias and .log, which causes ircd to open the channel eve...
BIT-MYSQL-CLIENT-2023-52971
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan...
Directory Traversal
Overview: serve-lite is a lightweight http-server for static file-based web development. Affected versions of this package are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join. PoC: 1. Install the...
mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
A flaw was found in MariaDB. An issue in the component, Used_tables_and_const_cache::used_tables_and_const_cache_join, of the MariaDB Server v10.7 allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, impacting availability...
The vulnerability of the Used_tables_and_const_cache::used_tables_and_const_cache_join component of the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the Used_tables_and_const_cache::used_tables_and_const_cache_join component of the MariaDB database management system is related to the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to trigger service failures using...
Mozilla: Miscellaneous memory safety hazards (rv:11.0 / rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code...
postgresql: Integer overflow in hash table size calculation
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations...