544 matches found
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SampleAuxInfoReader constructor when parsing a specially crafted HEIF sequence file containing a saiz box that declares more samples than exist in the track's chunk table. An attacker can cause a heap buffer...
CVE-2026-8291
A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogsnnrfnfmhandlenfprofile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial of service. The attack is possible to be carried out remotely. The exploit has been made available to...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper handling of Uniform Resource Identifier URI and Service SRV Subject Alternative Names SANs in the certificate validation process. An attacker can intercept sensitive information or...
CVE-2026-33622 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate...
Linux Distros Unpatched Vulnerability : CVE-2026-23953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML...
AZL-72851 CVE-2025-59529 affecting package avahi 0.8-5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
Exploit for CVE-2025-1337
CVE-2025-13377 – 10Web Booster ≤ 2.32.7 – Authenticated Arbitr...
Linux Distros Unpatched Vulnerability : CVE-2022-50479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd: fix potential memory leak This patch fix potential memory leak clksrc when function run into last return NULL. s/free/kfree/ - Alex CVE-2022-50479 Note...
Linux Distros Unpatched Vulnerability : CVE-2023-53371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: fix memory leak in mlx5efsttredirectanycreate The memory pointed to by the fs-any pointer is not freed in the error path of mlx5efsttredirectanycreat...
Linux Distros Unpatched Vulnerability : CVE-2022-50390
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to...
Linux Distros Unpatched Vulnerability : CVE-2025-21853
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freezemutex during mmap operation We use map-freezemutex to prevent races...
PT-2025-33065 · Code Projects · Job Diary
Name of the Vulnerable Software and Affected Versions: code-projects Job Diary version 1.0 Description: A SQL injection issue exists due to the manipulation of the ID argument in the /admin-inbox.php file. This allows for remote exploitation. The exploit has been publicly disclosed...
SUSE CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmapgetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
PT-2025-24426 · Tp Link · Tp-Link Tl-Ipc544Ep-W4
Name of the Vulnerable Software and Affected Versions: TP-Link TL-IPC544EP-W4 version 1.0.9 Build 240428 Rel 69493n Description: A critical vulnerability has been found in the TP-Link TL-IPC544EP-W4 camera. The issue affects the sub 69064 function of the /bin/main file. The manipulation of the te...
PT-2025-22876 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: A vulnerability has been found in the function JwtUtil of the component JWT Handler, which leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely, and the complexity of...
PT-2025-22314 · Unknown · Project Worlds Online Time Table Generator
Name of the Vulnerable Software and Affected Versions: projectworlds Online Time Table Generator version 1.0 Description: A critical issue affects the processing of the file "/admin/add course.php". The manipulation of the argument c/subname leads to SQL injection. This issue may be exploited...
PT-2025-15238 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RUoYi version 4.8.0 Description: An issue in RUoYi allows a remote attacker to escalate privileges via the postID parameter in the edit method. Recommendations: For RUoYi version 4.8.0, consider disabling the edit method until a patch is...
PT-2025-14702 · Unknown · Code-Projects Matrimonial Site
Name of the Vulnerable Software and Affected Versions: Code-Projects Matrimonial Site version V1.0 Description: The issue concerns SQL Injection. It affects the /view profile.php API endpoint, specifically the id variable. There is no information provided about the estimated number of potentially...
PT-2025-12052
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version git d4ec6a3 Description: The issue is related to a local file inclusion vulnerability due to the use of the gradio component gr.JSON. This vulnerability allows unauthenticated users to access arbitrary files...
PT-2025-8946 · Hkcms · Hkcms
Name of the Vulnerable Software and Affected Versions: HkCms version 2.3.2.240702 Description: The issue is related to an arbitrary file write vulnerability in the Appcenter.php component. This vulnerability allows for the writing of files to arbitrary locations, potentially leading to security...