46 matches found
CVE-2026-55079 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...
GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration
Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...
CVE-2025-46819
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...
CVE-2025-52559 Zulip XSS in digest preview URL
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...
PT-2025-15339
Name of the Vulnerable Software and Affected Versions: SamsungContacts versions prior to SMR Apr-2025 Release 1 Description: The issue is related to improper access control, allowing local attackers to access protected data. This affects SamsungContacts, potentially exposing sensitive information...
PT-2025-14119 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3.1 Description: The Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. Recommendations: For versions prior to 7.0.3.1, update to version 7.0.3.1 to...
PT-2025-3350 · Technitium · Technitium Dns Server
Name of the Vulnerable Software and Affected Versions: Technitium DNS Server versions = 13.2.2 Description: The issue allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. This can lead to a deni...
PT-2025-4213 · Microsoft · Windows Secure Kernel Mode +1
Name of the Vulnerable Software and Affected Versions: Windows Secure Kernel Mode affected versions not specified Description: An elevation-of-privilege issue allows attackers to affect the system. The issue is related to incorrect permission assignment for a critical resource. Technical details...
PT-2024-36634 · Unknown · Nabz Image Gallery
Name of the Vulnerable Software and Affected Versions: Nabz Image Gallery versions n/a through v1.00 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to manipulate SQL commands,...
PT-2024-17473 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A problematic vulnerability was found in DedeCMS, affecting an unknown functionality of the file /member/uploads add.php of the component SWF File Handler. The manipulation of the mediatype argument leads ...
PT-2024-7961 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the hostname parameter. This can lead to the...
PT-2024-32056 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow was discovered in the sProfileName parameter at the "usergrp.cgi" endpoint. This issue allows attackers to cause a Denial of Service DoS via a crafted input. Recommendations: F...
PT-2024-30427 · Mediavine · Create By Mediavine
Name of the Vulnerable Software and Affected Versions: Create by Mediavine versions 1.9.8 and earlier Description: This issue exposes sensitive information to unauthorized actors. Users are urged to upgrade to the latest version to mitigate risks. Recommendations: For versions 1.9.8 and earlier,...
PT-2024-31522 · Skysystem · Arfa-Cms
Name of the Vulnerable Software and Affected Versions: SkySystem Arfa-CMS versions prior to 5.1.3124 Description: A SQL injection issue in the poll component allows remote attackers to execute arbitrary SQL commands via the psid parameter. This enables attackers to manipulate database queries,...
PT-2024-38690 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A critical vulnerability was found in ZZCMS 2023, affecting unknown code in the file /I/list.php. The manipulation of the skin argument leads to path traversal. This issue can be exploited remotely. The exploit...
PT-2024-7956 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: The issue is related to improper authorization. It allows a remote attacker to gain unauthorized access to participant groups they should not have access to. The vulnerabili...
PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe
Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module versions 17.x before 17.0.0.4 Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get result from query. This...
PT-2024-28760 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress versions up to, and including, 5.9.15 Description: The issue is related to Stored Cross-Site Scripting via the eael team...
PT-2024-24101 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic vulnerability was found in DedeCMS, affecting unknown code of the file /src/dede/makehtml map.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit has be...
PT-2024-23096 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: The issue is related to a SQL injection vulnerability. It could allow a remote user to send a specially crafted query to the server and extract all the data from it. The vulnerability is exploited through t...