
142 matches found

RedhatCVE
added 2025/02/27 9:36 p.m. · 7 views

CVE-2024-53874

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service...

CVSS 3.3 · AI score 6.4 · EPSS 0.0004
Exploits: 0 · References: 1

Veracode
added 2025/02/18 6:6 a.m. · 7 views

Regular Expression Denial Of Service (ReDoS)

@octokit/plugin-paginate-rest is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to improper handling of the link parameter in the headers section of the request, which allows a specially crafted input to exploit the regular expression logic and trigger a denial...

CVSS 5.3 · AI score 5.1 · EPSS 0.00068
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/02/11 5:24 p.m. · 3 views

CVE-2019-15002

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account...

AI score 4.6 · EPSS 0.00154
Exploits: 0 · References: 1

GitHub Security Blog
added 2025/02/06 6:31 a.m. · 4 views

@stryker-mutator/util vulnerable to Prototype Pollution

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

CVSS 7.5 · AI score 6.1 · EPSS 0.00268
Exploits: 0 · References: 6 · Affected Software: 1

RedhatCVE
added 2025/02/06 3:6 a.m. · 4 views

CVE-2025-21515

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVSS 8.8 · AI score 6.8 · EPSS 0.00953
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 6:45 p.m. · 8 views

CVE-2017-16332

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

CVSS 9.9 · AI score 7.7 · EPSS 0.00437
Exploits: 0 · References: 1

OSV
added 2025/01/05 10:15 a.m. · 3 views

CVE-2024-13137

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the...

CVSS 5.4 · AI score 6.2
Exploits: 0 · References: 5

Cvelist
added 2025/01/04 1:41 p.m. · 17 views

CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

CVSS 8.8 · EPSS 0.01702
Exploits: 0 · References: 3

OSV
added 2024/12/01 12:0 a.m. · 8 views

PUB-A-360158501

there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 7.4 · EPSS 0.00006
Exploits: 0 · References: 1

OSV
added 2024/10/16 9:15 p.m. · 2 views

CVE-2024-46212

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal...

CVSS 4.9 · AI score 7.3
Exploits: 0 · References: 1

OSV
added 2024/05/16 9:15 a.m. · 1 views

CVE-2024-4322

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /listpersonalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version...

CVSS 7.5 · AI score 7.4
Exploits: 0 · References: 1

OSV
added 2024/02/27 5:15 p.m. · 6 views

CVE-2024-21742

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

CVSS 5.3 · AI score 5.2
Exploits: 0 · References: 2

OSV
added 2023/12/19 2:15 a.m. · 9 views

CVE-2023-6940

with only one user interaction (download a malicious config), attackers can gain full command execution on the victim system...

CVSS 8.8 · AI score 8.9
Exploits: 0 · References: 2

CNVD
added 2023/11/20 12:0 a.m. · 0 views

Unspecified Vulnerability in Adobe Acrobat Reader (CNVD-2025-16236)

Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. A security vulnerability exists in Adobe Acrobat Reader version 23.006.20360 and earlier and version 20.005.30524 and earlier, which can be exploited by an attacker ...

CVSS 7.8 · AI score 7.4 · EPSS 0.01398
Exploits: 0 · References: 1

GitHub Security Blog
added 2023/06/15 9:30 p.m. · 8 views

Magento Open Source allows Information Exposure

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not...

CVSS 5.3 · AI score 6.7 · EPSS 0.00308
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2023/04/01 12:0 a.m. · 3 views

PUB-A-269656642

In TBD of TBD, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 9.8 · AI score 7.9 · EPSS 0.0088
Exploits: 0 · References: 1

OSV
added 2022/12/01 12:0 a.m. · 2 views

PUB-A-249998113

In fdtpathoffsetnamelen of fdtro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

CVSS 4.4 · AI score 6.1 · EPSS 0.00016
Exploits: 0 · References: 1

Schneier on Security
added 2022/10/17 3:7 p.m. · 15 views

Hacking Automobile Keyless Entry Systems

Suspected members of a European car-theft ring have been arrested: The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31...

AI score 2.3
Exploits: 0

Positive Technologies
added 2022/09/20 12:0 a.m. · 2 views

PT-2022-22557 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools, affected versions not specified. Description: A heap buffer-overflow issue was discovered in SWFTools via the getGifDelayTime function at /home/bupt/Desktop/swftools/src/src/gif2swf.c. This issue can be exploited, potentially leading ...

CVSS 5.5 · AI score 5.2 · EPSS 0.00077
Exploits: 1 · References: 9

OSV
added 2021/11/02 10:15 p.m. · 2 views

CVE-2021-37988

Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 9.4
Exploits: 0 · References: 3