CVE-2026-0438

A flaw was found in microcodectl. A System Management Mode SMM handler, a special CPU operating mode, could allow a callout to untrusted memory. A highly privileged attacker, with active user interaction and specific preconditions, could exploit this to execute arbitrary code within SMM. This cou...

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVE-2026-0438

A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

GHSA-W5P8-4JCX-2J6R imageproc: integer overflow in kernel size check leads to out-of-bounds read

A bounds verification of a slice storage of a 2-dimensional matrix's coefficients a kernel would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...

imageproc: integer overflow in kernel size check leads to out-of-bounds read

A bounds verification of a slice storage of a 2-dimensional matrix's coefficients a kernel would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...

RUSTSEC-2026-0116 Improper check of an invariant resulting in incorrect bounds checks

A bounds verification of a slice storage of a 2-dimensional matrix's coefficients a kernel would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

EUVD-2024-17272

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

PT-2026-21674

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP, a local user store user’s information may be replaced duri...

CVE-2025-64113 Emby Server allows attackers to gain administrative server access without preconditions

Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...

EUVD-2025-201718

Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...

Withdrawn Advisory: Emby Server API Vulnerability allowing to gain administrative access without precondition

Withdrawn Advisory This advisory has been withdrawn because it incorrectly listed MediaBrowser.Server.Core as vulnerable. CVE-2025-64113 affects Emby Server versions 4.9.1.80 and prior, and Emby Server Beta versions 4.9.2.6 and prior. Original Description Impact This vulnerability affects all Emb...

Exploit for Out-of-bounds Write in Php

PHuiP-FPizdaM What's this This is an exploit for a bug in...

Elasticsearch: Insertion of Sensitive Information into Log File via reindex API

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

CVE-2025-37727

CVE-2025-37727 affects Elasticsearch. The vulnerability involves insertion of sensitive information into log files when auditing requests to the reindex API, potentially leading to confidentiality loss under specific preconditions. The CVSS 3.1 score is 5.7 (Medium) with attack vector Adjacent, c...

PoCVulDb

It is an offensive tool for various vulnerabilities. The reposit...

PT-2024-37556 · Nissan · Nissan Altima

Name of the Vulnerable Software and Affected Versions: Nissan Altima 2022 Description: The issue concerns unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware, allowing attackers to trigger denial-of-service DoS by unauthorized access to the ECU's...

CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...