27 matches found

RedhatCVE
added 2026/01/09 9:1 a.m. | 5 views

CVE-2023-25518

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...

CVSS 7.1 | AI score 7 | EPSS 0.00103
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:48 a.m. | 4 views

CVE-2022-27658

Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks...

CVSS 7.5 | AI score 6.7 | EPSS 0.0024
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-41373

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 8.3 | EPSS 0.00491
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-40791

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.1 | EPSS 0.00293
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-27061

Malicious code in bioql PyPI...

CVSS 8 | AI score 8.2 | EPSS 0.00406
Exploits: 0 | References: 2
Cvelist
added 2025/03/14 6:43 a.m. | 6 views

CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. This makes it possible for unauthenticated...

CVSS 9.8 | EPSS 0.00839
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2022-49362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix potential use-after-free in nfsd_file_put. nfsd_file_put_noref can free @nf, so don't...

CVSS 7.8 | AI score 5.6 | EPSS 0.00138
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-12178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly...

CVSS 9.8 | AI score 7.5 | EPSS 0.00502
Exploits: 0 | References: 2
Packet Storm
added 2025/01/20 12:0 a.m. | 226 views

LibreNMS Authenticated Remote Code Execution

An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Combined, those two defects allow arbitrary OS commands to be injected inside shell_exec calls, thus achieving arbitrary code execution. This module...

AI score 8.5 | EPSS 0.44112
Exploits: 4
Vulnrichment
added 2025/01/14 12:8 a.m. | 9 views

CVE-2025-0053 Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of...

CVSS 5.3 | AI score 5.5 | EPSS 0.00165
Exploits: 0 | References: 2
Packet Storm
added 2025/01/12 12:0 a.m. | 140 views

CISA: STS Scenario Workshop 1 Scenario 1 Life under a Microscope

AI score 7.4
Exploits: 0
Tenable Nessus
added 2024/09/10 12:0 a.m. | 13 views

NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2024-0066)

The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - It was possible to construct specific XSLT markup that woul...

CVSS 10 | AI score 8.2 | EPSS 0.93301
Exploits: 37 | References: 387
NVD
added 2024/07/22 10:15 a.m. | 11 views

CVE-2024-38503

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to...

CVSS 5.4 | EPSS 0.05963
Exploits: 0 | References: 3
CVE
added 2024/07/22 9:46 a.m. | 57 views

CVE-2024-38503

Apache Syncope HTML-injection vulnerability (CVE-2024-38503) affects the Syncope Console and Enduser UI, where HTML tags can be injected into text fields during edits of users, groups, or other objects, potentially enabling exploits. The issue is documented across multiple sources (NVD, CNVD, Ver...

CVSS 5.4 | AI score 6.3 | EPSS 0.05963
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/06/07 9:49 p.m. | 8 views

GHSA-W5MJ-J45Q-M638 ZendFramework1 Potential Security Issues in Bundled Dojo Library

In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several file...

AI score 7.3
Exploits: 0 | References: 4
Prion
added 2024/02/12 9:15 a.m. | 8 views

Code injection

User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avo...

CVSS 5.8 | AI score 7.3 | EPSS 0.00711
Exploits: 0 | References: 2
NVD
added 2024/01/03 3:15 a.m. | 18 views

CVE-2023-45722

HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special...

CVSS 9.8 | AI score 9 | EPSS 0.00122
Exploits: 0 | References: 1
Prion
added 2024/01/03 3:15 a.m. | 15 views

Path traversal

HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special...

CVSS 7.5 | AI score 7.1 | EPSS 0.00122
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/01/03 2:59 a.m. | 18 views

CVE-2023-45722 Path Traversal Arbitrary File Read affects DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special...

CVSS 8.8 | AI score 9.5 | EPSS 0.00122
Exploits: 0 | References: 1
OSV
added 2021/08/15 8:38 a.m. | 6 views

MGASA-2021-0407 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash CVE-2021-29980. Instruction reordering during JIT optimization resulted in a sequence of...

CVSS 8.8 | AI score 9.4 | EPSS 0.0062
Exploits: 5 | References: 4