75075 matches found
CVE-2026-9353
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skillsguard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREATPATTERNS leads to injection. Remote exploitatio...
CVE-2026-9054
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...
CVE-2026-43494
In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...
CVE-2026-45245
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2018-25339
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...
CVE-2026-28913
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-29514
NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.getenvironmentparams method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...
CVE-2026-5979
A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...
CVE-2026-33636
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit...
CVE-2026-4585
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command...
CVE-2026-27448
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-27128
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...
CVE-2026-25747
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...
CVE-2026-26958
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...
CVE-2026-2317
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-24688
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...
CVE-2025-71081
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the setsync callback fails during DAI probe. Make sure to drop the referen...
CVE-2025-3928
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...
CVE-2025-29824
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2024-13159
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2024-9379
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2024-8956
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can...
CVE-2024-20439
A vulnerability in Cisco Smart Licensing Utility CSLU could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could...
CVE-2023-49973
A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customersupport/index.php?page=customerlist...
CVE-2023-45278
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request...
CVE-2023-44464
pretix before 2023.7.2 allows Pillow to parse EPS files...
CVE-2022-24038
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed...
CVE-2022-2622
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file...
CVE-2022-2154
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34345. Reason: This candidate is a reservation duplicate of CVE-2022-34345. Notes: All CVE users should reference CVE-2022-34345 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability:...
CVE-2022-24355
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name...
CVE-2022-0173
radare2 is vulnerable to Out-of-bounds Read...
CVE-2021-4053
Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-20123
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
CVE-2021-29483
ManageWiki is an extension to the MediaWiki project. The ‘wikiconfig’ API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18…befb83c66f5b.patch. If you are unabl...
CVE-2020-17519
A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform local file inclusion LFI or path traversal. Using this vulnerability...
CVE-2020-1094
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. Recent assessments: bac2binary at April 15, 2020 4:47pm UTC reported: The attack complexity is very less,...
CVE-2020-5261
Saml2 Authentication services for ASP.NET NuGet package Sustainsys.Saml2 greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patche...
Cerberus Helpdesk Workers File User Credentials Disclosure
Cerberus Helpdesk on Version 4.2.3 Stable Build 925 and 5.4.4 and potentially below, contain an unsecured file which contains configuration details including all user’s usernames and password hashes. Recent assessments: h00die at March 25, 2020 12:30am UTC reported: Found this software in an...
CVE-2020-10799
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Recent assessments: ericalexanderorg at March 21, 2020 1:24pm UTC reported: XXE vulnerability in library that’s in use by over 500 projects on Github. Assessed Attacker Value: 3 Assessed Attacker Value: 3Assessed...
CVE-2020-5849
Unraid 6.8.0 allows authentication bypass. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-8500
DISPUTED In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. Recent assessments: J3rryBl4nks at March 03, 2020 7:47pm UTC reported: Due to the fact tha...
Inferring and hijacking VPN-tunneled TCP connections
We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android which allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and...
CVE-2019-7483
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2019-15954: Total.js CMS 12 Widget Remote Code Execution
Total.js is a Node.js Framework for building e-commerce applications, REST services, real-time apps, or apps for Internet of Things IoT, etc. Total.js CMS is a Content Management System application that is part of the Total.js framework. A commercial version is also available, and can be seen use...
CVE-2019-15637
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. Recent assessments: ccondon-r7 at July 26, 2024 2:21pm UTC...
CVE-2018-8847
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution...
CVE-2018-14054: LibMP4v2 MP4StringProperty Handling Double Free Vulnerability
LibMP4v2 is an open source MP4 processing library, designed to create and modify MP4 files as defined by ISO-IEC:14496-1:2001 MPEG-4 Systems. Originally discovered by Ruikai Liu, a double free vulnerability was found in the MP4StringProperty code. While parsing MP4 atoms, it is possible to cause ...