CVE-2009-4230

Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server before 0.9.8 might allow remote attackers to execute arbitrary code via vectors associated with crafted arguments to the 1 RGN::run, 2 JTLS::run, or 3 SHD::run function. NOTE: some of these details are...

CVE-2021-41614

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register EPCR are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR...

CVE-2021-33629

isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data...

CVE-2021-22745

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique...

CVE-2021-0052

Incorrect default privileges in the IntelR Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access...

CVE-2022-23739

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that a...

CVE-2022-31264

Solana solanarbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program...

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

CVE-2022-35506

TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters...

CVE-2020-7460

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...

CVE-2020-12473

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program...

CVE-2020-12308

Improper access control for the IntelR Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access...

CVE-2020-10517

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository conten...

CVE-2024-34474

Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM...

CVE-2022-35952

TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...

CVE-2022-35941

TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...

CVE-2023-4699

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series,...

CVE-2022-23496

Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...

CVE-2022-31173

Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually...

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 15, 2025 to January 4, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...