3873 matches found
CVE-2025-71137 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size rxpending is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users pass small or zero ring size...
CVE-2025-13627
CVE-2025-13627 affects the WordPress plugin Makesweat (versions
CVE-2025-13627 Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting
The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce...
CVE-2026-22251 wlc may leak API keys due to an insecure API key configuration
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
CVE-2018-4073
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. In the binary, the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...
CVE-2022-31757
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2020-12473
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program...
CVE-2020-24861
GetSimple CMS 3.3.16 allows persistent Cross Site Scripting via the 'permalink' parameter on the Settings page, which is executed when you create and open a new page...
CVE-2024-41630
Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fastsettingwifiset...
CVE-2023-43754
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
CVE-2025-23194
SAP NetWeaver Enterprise Portal OBN does not perform a proper authentication check for a particular configuration setting. As a result, a non-authenticated user can set it to an undesired value, causing low impact on integrity. There is no impact on confidentiality or availability of the application...
CVE-2023-4704
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
EUVD-2026-1647
Malicious code in jsonify-setting npm...
Malicious code in jsonify-setting (npm)
Source: amazon-inspector 8183b50e15a97c7409271a1f226a25472121ef2ff9abbd954ba9693ba63c6f6e The package jsonify-setting was found to contain malicious code. Source: ghsa-malware d31a9557fd6798ea1a21705b70127ad9840b9f527f34ed29161e68230fd1a86...
Malicious Package
Overview: jsonify-setting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-161 Malicious code in jsonify-setting (npm)
Source: amazon-inspector 8183b50e15a97c7409271a1f226a25472121ef2ff9abbd954ba9693ba63c6f6e The package jsonify-setting was found to contain malicious code. Source: ghsa-malware d31a9557fd6798ea1a21705b70127ad9840b9f527f34ed29161e68230fd1a86...
Out-of-bounds Write
wasm3 is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of slot setting and indirect function calls in opSetSloti32 and opCallIndirect, which allows a local attacker to manipulate execution and trigger memory corruption...
CVE-1999-0809
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed"...