35 matches found
CVE-2026-48165
Disclaimer: This data contains information about vulnerable...
CVE-2026-44169
Disclaimer: This data contains information about vulnerable...
CVE-2026-44168
Disclaimer: This data contains information about vulnerable...
CVE-2023-25610
Fortinet CVE-2023-25610 is a buffer underwrite in the FortiOS/FortiProxy administrative interface that allows remote, unauthenticated execution of code via crafted requests. Affected firmware ranges include FortiOS 7.2.0–7.2.3, 7.0.0–7.0.6, 6.4.0–6.4.11, 6.2.12 and below, FortiProxy 7.2.0–7.2.2, ...
CVE-2024-27256
CVE-2024-27256 affects IBM MQ Container images: CD v3.0.0, v3.0.1, v3.1.0–3.1.3; LTS v2.0.0–2.0.22; and 2.4.0–2.4.8, 2.3.0–2.3.3, 2.2.0–2.2.2. Description: use of weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Connected sources corro...
CVE-2023-47869
The CVE-2023-47869 issue concerns the WordPress plugin wpForo Forum, affected up to version 2.2.5. Connected data indicates a Content Injection/Broken Access Control vulnerability arising from improper handling of script-related HTML in web pages, enabling code injection. Patchstack specifies tha...
CVE-2023-49755
CVE-2023-49755 affects WordPress plugin Elementor Timeline Widget (
CVE-2017-13312
CVE-2017-13312 affects Android’s Media framework (MediaCas.java) where a parcel read/write mismatch in createFromParcel, due to improper input validation, can enable local elevation of privilege on Android 8.0 (Oreo). An app could start an activity with system privileges without extra execution p...
CVE-2022-20652
Cisco Tetration contains a command-injection vulnerability in the web-based management interface and API subsystem. An authenticated remote attacker with administrator credentials can submit crafted HTTP messages to execute commands with root privileges due to insufficient input validation. Impac...
CVE-2024-33870
CVE-2024-33870 affects Artifex Ghostscript up to version 10.03.1. The issue is a path traversal vulnerability in PostScript handling that can reach arbitrary files when the current directory is within permitted paths, e.g., transforming ../../foo to ./../../foo and gaining access if ./ is allowed...
CVE-2023-47683
The CVE-2023-47683 entry concerns the miniOrange WordPress Social Login and Register plugin (Discord, Google, Twitter, LinkedIn). The root cause is improper privilege management that allows authenticated users with Subscriber access to escalate to Administrator. Affected versions are up to 7.6.6;...
CVE-2023-7201
CVE-2023-7201 affects the Everest Backup WordPress plugin (versions prior to 2.2.5). The flaw allows high-privilege users (e.g., admin) to upload arbitrary files due to improper validation, including in multisite setups. Red Hat and CVE sources corroborate the same description. Remediation: upgra...
CVE-2024-2341
CVE-2024-2341 refers to the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (plugin) with SQL Injection via the keys parameter in all versions up to 1.6.7.7, allowing authenticated subscribers to append queries and potentially exfiltrate data. Red Hat and NVD entries ...
CAN-2004-0110
CVE-2004-0110 relates to libxml and libxml2 buffer overflow bugs in URL parsing and DNS handling, allowing remote arbitrary code execution. Connected advisories (SUSE, Fedora, CentOS, RHEL) confirm exploitation via long URLs or DNS responses and describe patches to libxml/libxml2. Remediation is ...
CAN-2004-0802
Multiple connected entries reference CVE-2004-0802 in imlib2 (notably Debian DSA-552-1 and FreeBSD/OpenVAS entries). The Debian advisory lists CVSS base 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P). Descriptions indicate that a missing update is the issue, but no concrete root-cause, vulnerable versions, or ...
CAN-2004-0837
MODE C The CVE CAN-2004-0837 (CVE-2004-0837) has concrete OpenVAS/related advisories tying it to MySQL in multiple decks. Affected entries/drivers include: SUSE/SLES9 (Security update for MySQL; CVSS 10.0; patches 120293-02, 120292-02), Gentoo GLSA 200410-22 (MySQL), Gentoo/OpenVAS entries refere...
CAN-2004-0888
CVE-2004-0888 concerns an integer overflow in the CUPS pdftops filter. The issue can allow remote code execution on 64-bit platforms when a crafted PDF is printed via the lp user. Several advisories (RHSA-2008-0206, CESA-2008:0206, MDKSA/MCU references) indicate that patches backported to Red Hat...
CAN-2004-1282
LinPopUp (Linpopup) is affected by CVE-2004-1282. The vulnerability resides in the buffer handling for the strexpand function in string.c of LinPopUp 1.2.0, which allows a remote attacker to execute arbitrary code by sending a crafted message during a Reply operation. Public advisories (Debian DS...
CAN-2005-0072
CVE-2005-0072 affects zhcon (zhcon before 0.2) where the program does not drop privileges before reading a user configuration file, allowing local users to read arbitrary files. The issue is fixed in Debian with DSA-655-1 (zhcon 0.2-4woody3) and arises from reading privileged files while running ...
CAN-2005-0158
CVE-2005-0158 applies to BidWatcher, a tool for bidding on eBay auctions. The vulnerability is a format-string flaw in netstuff.cpp that can be triggered by remote inputs via an eBay HTTP server (or a spoofed server/ MITM), potentially allowing denial of service and arbitrary code execution. Publ...