CVE-2019-19458

SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...

CVE-2019-10763

pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges classes permission can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a...

VIVID: a Novel Approach to Remediation Prioritization in Static Application Security Testing (SAST)

Static Application Security Testing SAST enables organizations to detect vulnerabilities in code early; however, major SAST platforms do not include visual aids and present little insight on correlations between tainted data chains. We propose VIVID - Vulnerability Information Via Data flow - a...

CVE-2005-3172

The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow...

CVE-2005-4002

WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...

CVE-2025-47937

CVE-2025-47937 affects TYPO3 (PHP-based CMS). The issue arises in TYPO3 versions 9.0.0 through just before the fixed ELTS releases, where a DBAL multi-table query applies FrontendGroupRestriction only to the first table. This can allow data from additional tables in the same query to be exposed t...

CVE-2025-47792

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

CVE-2025-4641 XML External Entity (XXE) injection vulnerability in WebDriverManager

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux XML parsing components modules allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...

PT-2025-20905 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The issue is related to a buffer overflow in the formMapDelDevice interface of the TOTOLINK A3002R router's firmware. This occurs due to the lack of size checking for input data, which...

CVE-2024-13009

CVE-2024-13009 (Jetty) affects Jetty 9.4.0–9.4.56 where a gzip error during inflating a request body can cause a buffer to be released incorrectly, potentially corrupting or sharing data between requests. Public IBM bulletins tie this CVE to IBM QRadar SIEM, IBM Storage Scale, and Tivoli Netcool/...

CVE-2025-37810

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...

MGASA-2025-0147 Updated apache-mod_auth_openidc packages fix security vulnerability

modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. CVE-2025-31492...

CVE-2023-53081

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2writeendnolock just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page...

CVE-2022-49864

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svmmigratetoram ./drivers/gpu/drm/amd/amdkfd/kfdmigrate.c:985:58-62: ERROR: p is NULL but dereferenced...

PT-2025-18085 · Devexpress · Devexpress

Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue concerns a data-source protection mechanism bypass during the deserialization of XML data. This means that the normal protections in place to safeguard data sources can be circumvente...

CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

CVE-2025-26479

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...

CVE-2025-2789

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletetablerateshippingrow function in all versions up to, and...

CVE-2025-2933

The CVE-2025-2933 entry concerns the Email Notifications for Updates WordPress plugin. Root cause: missing capability check in awun_import_settings(), affecting all versions up to 1.1.6. This allows authenticated attackers with Subscriber-level access and above to modify arbitrary WordPress optio...