105 matches found
CVE-2026-48165
Disclaimer: This data contains information about vulnerable...
EUVD-2025-203327
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67906. Reason: This candidate is a reservation duplicate of CVE-2025-67906. Notes: All CVE users should reference CVE-2025-67906 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2025-10145
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7073. Reason: This candidate is a reservation duplicate of CVE-2023-7073. Notes: All CVE users should reference CVE-2023-7073 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2015-0842
The vulnerability CVE-2015-0842 affects yubiserver prior to version 0.6. The issue is a SQL injection in the server that can lead to an authentication bypass. The available documents confirm the affected software/component and the underlying cause (SQL injection) and indicate a potentially severe...
CVE-2014-7210
CVE-2014-7210 concerns PowerDNS (pdns) in Debian prior to 3.3.1-1. The issue is that the mysqldb backend’s maintainer scripts grant overly broad permissions to the pdns user, yielding a too-privileged MySQL user. Other backends are not affected. Connected sources confirm the Debian advisory conte...
CVE-2021-26105
FortiSandbox exposes a stack-based buffer overflow (CWE-121) in the profile parser for versions 3.2.2 and earlier and 3.1.4 and earlier. An authenticated attacker can craft HTTP requests to potentially execute arbitrary code. The issue’s root cause is a buffer overflow in the profile parser; impa...
CVE-2022-29059
CVE-2022-29059 concerns Fortinet FortiWeb SQL Injection. Connected data confirms an improper neutralization of special elements used in SQL commands (CWE-89) that could allow a privileged attacker to execute SQL commands on the log database. Affected product versions include FortiWeb 7.0.1 and be...
CVE-2018-9384
CVE-2018-9384 is documented in the Pixel/Android security context as a kernel‑level issue (Kernel components → Upstream kernel) that could enable bypassing KASLR, potentially allowing local information disclosure with SYSTEM privileges. The description consistently notes an “unusual root cause” an...
CVE-2023-28120
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...
CVE-2023-27539
There is a denial of service vulnerability in the header parsing component of Rack...
CVE-2022-43476
CVE-2022-43476 relates to the WordPress plugin Subscribe to Category (affected versions:
CVE-2023-47557
CVE-2023-47557 refers to a Missing Authorization vulnerability in the WordPress plugin Visitors Traffic Real Time Statistics (versions
CVE-2023-47183
CVE-2023-47183 refers to a Missing Authorization (Broken Access Control) vulnerability in GiveWP for WordPress. The issue affects GiveWP versions
CVE-2023-45002
CVE-2023-45002 concerns the WordPress plugin WP User Frontend (weDevs) with Missing Authorization via AJAX actions up to version 3.6.8. The issue originates from inadequate access control (Broken Access Control) that can be exploited by users with low privileges to bypass configured security leve...
CVE-2023-48775
CVE-2023-48775 affects the WordPress WP Cleanfix plugin, specifically versions through 5.6.2. The root cause is a Missing Authorization / Broken Access Control vulnerability in the plugin’s access checks, enabling exploitation due to incorrectly configured security levels. The CVSSv3.1 base score...
CVE-2022-32203
CVE-2022-32203 describes a command-injection vulnerability in Huawei terminal printer products. The issue allows high-privilege code execution on the printer after exploitation over the network (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8). The root cause is described as insufficient...
CVE-2021-39081
IBM Cognos Analytics Mobile for Android 1.1.14 is affected by CVE-2021-39081, due to weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The issue impact is limited to the Android app and could affect confidentiality (C: High) with no integrity/av...
CVE-2023-47822
CVE-2023-47822: WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar has a Missing/Broken Access Control vulnerability. Affected versions are
CVE-2018-9386
CVE-2018-9386 concerns the HTC reboot_block driver. The reboot_block_command may trigger a stack buffer overflow due to a missing bounds check, enabling local privilege escalation to SYSTEM with no user interaction required. Connected sources (NVD, Red Hat, CVE lists) confirm the issue descriptio...
CVE-2018-9462
CVE-2018-9462 describes an out-of-bounds write in the Android kernel component ftm4_pdc.c, within the store_cmd function, caused by an incorrect bounds check. This can enable local escalation of privilege to system execution privileges, with no user interaction required. The description specifies...