
23 matches found

EUVD
added 2026/06/01 4:40 p.m. · 7 views

EUVD-2026-33679

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

CVSS 6.5 · AI score 5.7 · EPSS 0.00015
Exploits: 0 · References: 3

NVD
added 2026/05/07 6:16 a.m. · 11 views

CVE-2026-41641

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and...

CVSS 7.2 · EPSS 0.00211
Exploits: 1 · References: 4

CVE
added 2026/03/10 5:59 p.m. · 9 views

CVE-2026-30987

The CVE affects iccDEV libraries, where a stack buffer overflow in CIccTagNum::GetValues() can cause stack memory corruption or a crash. Root cause is a vulnerable implementation in GetValues(), with impact to confidentiality, integrity, and availability as per CVSS 3.1 (High/High/High). The issu...

CVSS 7.8 · AI score 6.1 · EPSS 0.00018
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2026/02/04 10:13 p.m. · 4 views

CVE-2026-25585 iccDEV vulnerable to OOB in CIccXform3DLut::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile...

CVSS 7.8 · AI score 5.4 · EPSS 0.00009
Exploits: 1 · References: 4

Cvelist
added 2026/01/23 12:0 a.m. · 21 views

CVE-2025-67264

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710...

EPSS 0.00024
Exploits: 2 · References: 2

EUVD
added 2025/11/25 11:38 p.m. · 2 views

EUVD-2025-199665

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS 8.7 · AI score 6.3 · EPSS 0.00076
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/22 8:49 p.m. · 3 views

CVE-2021-22994

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP...

CVSS 9.6 · AI score 6.1 · EPSS 0.00787
Exploits: 0 · References: 1

OSV
added 2025/04/08 4:15 p.m. · 2 views

CVE-2025-1095

IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a l...

CVSS 7.8 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 4 views

PT-2025-1360 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2022-21384 - Apache HTTP Server Remote Code Execution Vulnerability", "Content": "CVE ID : CVE-2022-21384 Published : Jan. 16, 2025, 12:15 a.m. | 37 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...

CVSS 9.8 · AI score 8.5 · EPSS 0.33665
Exploits: 0 · References: 2

SUSE CVE
added 2023/09/27 2:3 a.m. · 1 views

SUSE CVE-2023-5156

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash...

CVSS 3.7 · AI score 6.7 · EPSS 0.00058
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:31 a.m. · 2 views

SUSE CVE-2014-1235

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978...

CVSS 7.8 · AI score 7.5 · EPSS 0.00919
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:30 a.m. · 3 views

SUSE CVE-2014-2037

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466...

CVSS 5 · AI score 6.9 · EPSS 0.00734
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:42 a.m. · 3 views

SUSE CVE-2017-11411

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350...

CVSS 7.5 · AI score 6.9 · EPSS 0.00478
Exploits: 0 · References: 6

OSV
added 2022/11/14 11:15 p.m. · 1 views

CVE-2022-40735

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...

CVSS 7.5 · AI score 7.2 · EPSS 0.01786
Exploits: 0 · References: 12

OSV
added 2022/08/31 4:15 p.m. · 0 views

UBUNTU-CVE-2022-1259

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629...

CVSS 7.5 · AI score 6.8 · EPSS 0.0044
Exploits: 0 · References: 2

OSV
added 2021/02/02 6:15 a.m. · 2 views

CVE-2020-25035

UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322...

CVSS 6.7 · AI score 7.4
Exploits: 0 · References: 2

OSV
added 2020/09/16 4:15 p.m. · 1 views

UBUNTU-CVE-2014-10402

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...

CVSS 6.1 · AI score 6.7 · EPSS 0.00025
Exploits: 1 · References: 4

OSV
added 2020/08/12 2:15 p.m. · 5 views

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

CVSS 9.8 · AI score 5.9 · EPSS 0.94182
Exploits: 2 · References: 5

OSV
added 2017/09/07 2:29 p.m. · 0 views

UBUNTU-CVE-2017-9779

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."...

CVSS 7.8 · AI score 7.2 · EPSS 0.00249
Exploits: 0 · References: 3

OSV
added 2017/08/07 8:29 p.m. · 1 views

DEBIAN-CVE-2015-7692

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

CVSS 7.5 · AI score 6.8 · EPSS 0.13859
Exploits: 0 · References: 1