90509 matches found
The vulnerabilities of Adobe Integrated Runtime and Flash Player software allow a perpetrator to execute arbitrary code.
The vulnerability of the instanceof function in Adobe Integrated Runtime and Flash Player is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by taking advantage of the processing of link handling...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Alerts & IRM platform’s notification service for monitoring and surveillance allows a perpetrator to disclose protected information.
The vulnerability of the Alerts & IRM platform’s notification service for monitoring and surveillance in Grafana relates to insufficient protection of operational data when connected to the DingDing contact point. Exploiting this vulnerability can allow a malicious actor to disclose protected...
The vulnerability of the Renesas Electronics RH850/F1L microcontroller, related to improper protection against voltage spikes and clock frequency fluctuations, allows a hacker to gain access to the protected information.
The vulnerability of the Renesas Electronics RH850/F1L microcontroller is related to improper protection against voltage spikes and clock frequency fluctuations. Exploiting this vulnerability can allow an attacker to gain access to the protected information...
The vulnerability of Adobe Illustrator, related to writing beyond the buffer boundaries, allows a hacker to execute arbitrary code.
The vulnerability of Adobe Illustrator graphic editor is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of the system administration program Sudo, related to deficiencies in authentication mechanisms, allows attackers to escalate their privileges.
The vulnerability of the system administration program Sudo is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow attackers to increase their privileges...
Vulnerability eliminated
...
The vulnerability of the nfs3svc_encode_getaclres() function in the fs/nfsd/nfs3acl.c module, which is part of the Linux kernel’s Network File System support, allows a hacker to cause a service failure.
The vulnerability of the nfs3svcencodegetaclres function in the fs/nfsd/nfs3acl.c module, which is part of the Linux kernel’s Network File System support, relates to the use of a NULL pointer dereferencing. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Local Security Authority Subsystem Service (LSASS) in Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the Local Security Authority Subsystem Service LSASS in Windows operating systems is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the SAP NetWeaver Application ABAP software integration platform’s server, related to improper code generation management, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the SAP NetWeaver Application ABAP software integration platform is related to incorrect code generation management. Exploiting this vulnerability allows an attacker to influence the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, related to deficiencies in the authentication mechanism, allows attackers to disclose the protected information.
The vulnerability of the IBM Guardium Data Protection platform relates to deficiencies in its authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the multi-media library Ffmpeg, related to reading data beyond the buffer boundary in memory, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the FFmpeg multimedia library relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Windows Media component in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Windows Media component in Windows operating systems is related to overflowing buffers in dynamic memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Vulnerability of the hid_ctrl() function in the drivers/hid/usbhid/hid-core.c module – The driver for the user interface devices of the Linux kernel allows a hacker to compromise the confidentiality and accessibility of protected information.
Vulnerability of the hidctrl function in the drivers/hid/usbhid/hid-core.c module – The driver for the user interface devices in the Linux kernel is vulnerable to a memory leak before the last reference is freed. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the E-Staff automated recruitment process system, related to data filtering errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the E-Staff recruitment process automation system is related to data filtering errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Vulnerability fixed on May 13, 2025
...
The vulnerability of the persistent framework MyBatis, a programming language for Java (Kotlin), relates to deficiencies in the deserialization mechanism, allowing attackers to execute arbitrary code.
The vulnerability of the persistent framework MyBatis, written in the Java Kotlin programming language, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability in the Windows 10 22H2 operating system, related to the swapping of the zero pointer, allows a malicious actor to trigger a service failure in the operating system’s kernel.
The vulnerability of the Windows 10 22H2 operating system is related to the assignment of the null pointer. Exploiting this vulnerability can allow an attacker to cause a kernel failure in the operating system...
The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of Content Security Policy (CSP) protection mechanisms. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of Content Security Policy CSP protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...
The vulnerability of the VMmanager 6 virtualization tool, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of VMmanager 6’s virtualization mechanism is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. This allows attackers to inject HTML tags into the website.
The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. Exploiting this vulnerability allows a remote attacker to inject an HTML tag that includes a link to an external resource...
The vulnerability of the pdf.js library on the MFlash secure data exchange platform, related to the lack of protective measures for website structures, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the pdf.js library on the MFlash secure data exchange platform is related to the lack of protective measures for the web page structure. Exploiting this vulnerability could allow an attacker to execute arbitrary JavaScript code remotely...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF-XChange Editor, a program for viewing and editing PDF documents, relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created U3D file...
The vulnerability of the software products of the LLC “NPO ‘MIR’, related to the use of cryptographic algorithms containing defects, allows attackers to execute an attack using brute-force methods.
The vulnerability of the software products developed by LLC “NPO ‘MIR’ lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a remote attacker to execute an attack using brute-force methods...
The vulnerability of the phpgacl/acl_admin.tpl template in the PHP library for managing access in web applications. This is part of the phpGACL system used for managing medical documentation in OpenEMR. It allows attackers to perform cross-site scripting attacks.
The vulnerability of the phpgacl/acladmin.tpl template in the PHP library for managing access in web applications is related to the lack of protective measures taken when processing the action template parameters. Exploiting this vulnerability allows a remote attacker to perform cross-site...
The vulnerability of the Breast software lies in the lack of measures taken to neutralize special elements in cookies used in the operating system’s command. This allows attackers to execute arbitrary code.
The vulnerability of the Breast software lies in the lack of measures taken to neutralize special elements in cookies used by the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted POST requests...
The vulnerability of the Elastic Defend software’s detection, monitoring, and response mechanisms is related to insufficient handling of exceptional states, allowing attackers to trigger a service failure.
The vulnerability of the software for detecting, monitoring, and responding to Elastic Defend threats is related to insufficient handling of exceptional states. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...
The vulnerability in the form2WlAc.cgi script of the D-Link DIR-816A router’s software allows a hacker to execute arbitrary code.
The vulnerability of the form2WlAc.cgi script of the D-Link DIR-816A2 router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTTP POST request...
The vulnerability of macOS operating systems, related to the insecure storage of confidential information, allows attackers to gain unauthorized access to protected data.
The vulnerability of macOS operating systems lies in the insecure storage of confidential information. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the Launch Services interface for macOS operating systems allows attackers to circumvent security restrictions.
The vulnerability of the Launch Services interface for macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to circumvent security restrictions...
The vulnerability of the Eltex SMG-1016M router’s microprogramming software arises from the lack of measures to neutralize special elements, allowing a intruder to execute arbitrary codes.
The vulnerability of the Eltex SMG-1016M router’s microprogramming software exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary codes...
The vulnerability in the implementation of the cc_SendCcImsInfoIndMsg function in the cc_MmConManagement.c file of the Android operating system of Pixel phones allows a hacker to execute arbitrary code.
The vulnerability in the implementation of the ccSendCcImsInfoIndMsg function in the ccMmConManagement.c file of the Android operating system for Pixel phones is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool, related to incorrect external management of file names or file paths, allows a perpetrator to delete any files they desire.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files remotely...
Vulnerability of JetBrains YouTrack’s data merging functions, which allows attackers to execute a “ prototype contamination ” attack.
The vulnerability of the data merging functions in the JetBrains YouTrack project and task management software is related to the uncontrolled modification of prototype object attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...
The vulnerability of the xdp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the xdp component in the Linux operating system’s kernel is related to the pointer to NULL. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s kernel cgroup component, which allows a hacker to cause a service failure
The vulnerability of the Linux operating system’s kernel cgroup component is related to the lack of memory release after the effective lifespan of the component has ended. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of DRM/VKMS components in Linux kernel allows a perpetrator to trigger a service failure.
The vulnerability of DRM/VKMS components in Linux operating systems is related to improper input validation in the function applyluttochannelvalue. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the Microsoft .NET software platform, related to deficiencies in the deserialization mechanism, allows attackers to trigger a service failure.
The vulnerability of the Microsoft .NET software platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the Windows Network Virtualization service allows a hacker to execute arbitrary code.
The vulnerability of the Windows Network Virtualization service for Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the “Updates Service” software, which allows a hacker to gain access to read local files.
The vulnerability of the “Updates Service” software’s web request handler lies in the lack of limits on authentication attempts. Exploiting this vulnerability can allow a malicious actor to gain read access to local files...
The vulnerability of SAP NetWeaver AS ABAP and SAP NetWeaver ABAP integration platforms, related to uncontrolled resource consumption, allows attackers to trigger service failures.
The vulnerability of SAP NetWeaver AS ABAP and SAP NetWeaver ABAP integration platforms is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Microsoft Visual Studio software development tool lies in the violation of data protection mechanisms, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft Visual Studio software development tool is related to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of the package processor on the MailSherlock audit platform, which allows a hacker to execute arbitrary SQL queries.
The vulnerability of the packet handler on the MailSherlock email audit platform relates to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL queries...
Vulnerability of the landing module of the content management system (CMS) for 1C-Bitrix: A website management tool that allows a hacker to execute OS commands on a vulnerable node, gain control over resources, and penetrate the internal network.
Vulnerability of the landing module of the CMS system: Website management is triggered by synchronization errors when using a common resource. Exploiting this vulnerability allows a malicious actor to remotely execute OS commands on a vulnerable node, gain control over resources, and penetrate th...
The vulnerability of the AutoIt module in the ClamAV antivirus software package allows a malicious actor to trigger a service failure. This vulnerability exists in the Cisco Secure Endpoint Connector for Windows protection software.
The vulnerability of the AutoIt module in the ClamAV antivirus software package affects systems for protecting against malicious programs. This issue is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Base plugin (gst-plugins-base) in the Gstreamer multimedia framework allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the Base plugin gst-plugins-base in the Gstreamer multimedia framework is related to insufficient protection of service data due to the lack of security updates on the remote host. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
The vulnerability of Eltex “ESR-200” network interface microprogramming software, related to uncontrolled resource consumption, allows a intruder to cause a service failure.
The vulnerability of the microprogrammed service router “ESR-20” is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a hacker to cause a service failure...
The vulnerability of the Authentication Engine component of the Oracle Access Manager control system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Authentication Engine component in the Oracle Access Manager access control system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...