3695 matches found
Libheif uncompressed codec lacks bounds check leading to application crash
Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...
Lack of Sufficient Guardrails Leads to Excessive Agency (LLM08) in Some LLM Applications
Overview Retell AI's API creates AI voice agents that have excessive permissions and functionality because of insufficient guardrails. As a result, attackers can exploit this and conduct large scale social engineering, phishing, and misinformation campaigns. Description Retell AI...
Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.
Overview Workhorse Software Services, Inc. municipal accounting software prior to version 1.9.4.48019 contains design flaws that could allow unauthorized access to sensitive data and facilitate data exfiltration. Specifically, database connection information is stored in plaintext alongside the...
A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
Overview A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An...
Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation
Overview The software driver for D-Link DWA-117 AC600 MU-MIMO Wi-Fi USB Adapter contains an unquoted service path privilege escalation vulnerability. In certain conditions, this flaw can lead to a local privilege escalation. Description D-Link DWA-117 AC600 MU-MIMO is a Wi-Fi USB Adapter that...
Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass
Overview Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote, unauthenticated attacker to gain administrative privileges if an SSO solution is not configured...
Wireshark 6LoWPAN denial of service vulnerability
Overview Wireshark will crash on 32-bit systems while reading a malformed 6LoWPAN packet. Description Paul Makowski's report states: dissect_6lowpan_iphc in /epan/dissectors/packet-6lowpan.c trusts user supplied data when incrementing 'offset'. It is possible for the user to increment 'offset' to a...
Autonomy Ultraseek URL redirection vulnerability
Overview The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites. Description The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= parameter. The destination URL...
Skype does not properly filter input from external websites
Overview The Skype client does not properly filter user-supplied input from websites that provide video content to Skype users. Description Skype is a peer-to-peer application that provides Voice over IP (VoIP) and Instant Messaging services. The Skype client is available for the Microsoft Windows,...
Cisco IOS fails to properly handle Next Hop Resolution Protocol packets
Overview Cisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description Cisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a...
Cisco Catalyst Systems with a NAM may allow system access via spoofing the SNMP communication
Overview A vulnerability in Cisco Catalyst Systems that have a Network Analysis Module (NAM) installed may allow a remote, unauthenticated attacker to gain complete control of this device. Description Cisco Catalyst 6000, 6500, and Cisco 7600 series switches may utilize Cisco's NAM to monitor and...
Google Desktop vulnerable to cross-site scripting
Overview A cross-site scripting vulnerability exists in the Google Desktop Search application. This vulnerability may allow an attacker to take any action on a vulnerable system that the Google Desktop Search can. Description Google Desktop Search is a desktop search program that is integrated in...
Broadcom wireless driver fails to properly process 802.11 probe response frames
Overview A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The BCMWL5.SYS driver is a wireless 802.11 device driver...
Oracle Dictionary vulnerability
Overview An unspecified vulnerability in the Oracle Dictionary may allow a remote attacker to compromise system integrity and availability. Description Oracle Dictionary contains an unspecified vulnerability that, according to Oracle, can allow an attacker to easily compromise system integrity an...
Oracle Collaboration Suite Email Server contains a vulnerability that may compromise system confidentiality
Overview An unspecified vulnerability in the Oracle Collaboration Suite Email Server may allow a remote, unauthenticated attacker to compromise system confidentiality. Description Oracle Collaboration Suite Email Server contains an unspecified vulnerability. Oracle states this issue can allow an...
Oracle Reporting Framework vulnerability
Overview An unspecified vulnerability in the Oracle Reporting Framework may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Reporting Framework contains a vulnerability. The details of this vulnerability are not clear. However, Oracle...
IBM Tivoli Directory Server may allow unauthorized access
Overview IBM Tivoli Directory Server may allow unauthorized access to change, modify, and/or delete directory data under certain circumstances. Description The IBM Tivoli Directory Server product is described as: IBM Tivoli Directory Server provides a powerful Lightweight Directory Access Protocol...
Golden FTP server contains a buffer overflow
Overview Golden FTP server contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Golden FTP server is a personal FTP server for the Microsoft Windows platform. The RNTO (rename to) command is used in conjunction with the RNFR (rename from) to rename a file...
Microsoft Internet Explorer does not properly interpret IFRAME elements when displaying URLs in the status bar
Overview Microsoft Internet Explorer does not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator (URL) in the statu...
Multiple Cisco ONS control cards fail to properly handle malformed SNMP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTOYMINTERVAL function. Thi...
Zone Labs desktop security products fail to properly validate RCPT TO command argument
Overview Zone Labs desktop security products contain a buffer overflow in the code that processes the RCPT TO command argument. This could allow an attacker to execute arbitrary code with SYSTEM privileges. Description Zone Labs offers a suite of desktop security products. These products provide...
Sun Solaris allows unprivileged local user to load arbitrary kernel modules
Overview Sun Solaris allows an unprivileged local user to load arbitrary kernel modules. Description Sun Solaris supports loadable kernel modules (LKMs). LKMs are pieces of code that can be dynamically loaded and unloaded into the kernel. Sun Solaris contains a vulnerability that could allow an...
ISC InterNetNews (INN) contains buffer overflow in ARTpost() function
Overview The Internet Software Consortium's (ISC) InterNetNews (INN) is a Usenet application. A vulnerability in INN may permit a remote attacker to compromise the system. Description Version 2.4.0 of ISC's InterNetNews package contains a Network News Transfer Protocol (NNTP) server that contains a...
Sun Solaris "/usr/lib/utmp_update" contains buffer overflow
Overview A vulnerability in Sun Solaris "/usr/lib/utmp_update" may allow a local attacker to gain superuser privileges. Description A buffer overflow vulnerability exists in Sun Solaris "/usr/lib/utmp_update". For more information, please see Sun Alert 55260. --- Impact A local attacker may be able...
rpc.walld fails to properly validate messages before broadcasting to clients
Overview A vulnerability in rpc.walld may allow local users to forge wall messages. An exploit exists for this vulnerability and is publicly available. Description From the rpc.walld man page: The wall command reads the named file, or, if no filename appears, it reads the standard input until an...
IBM Tivoli Firewall Toolbox contains vulnerability
Overview A vulnerability in the Tivoli Firewall Toolbox version 1.2 has been discovered that can lead to remote unauthorized compromise of the environment within the firewall system. Description A buffer overflow vulnerability in the communications layer of the Tivoli Firewall Toolbox has been...
Oracle9i Database contains remotely exploitable buffer overflow in "BFILENAME" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle 9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 A buffer overflow exists in...
BEA WebLogic Server "ResourceAllocationException" exception may disclose user password
Overview A vulnerability in BEA's WebLogic Server may disclose sensitive information. Description From the BEA WebLogic Server 7.0 Overview: BEA WebLogic Server is a fully featured, standards-based application server providing the foundation on which an enterprise can build its applications. BEA...
Cyrus IMAP Server contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability exists in versions of Cyrus IMAP Server up to and including 2.1.10. This vulnerability may allow a remote attacker to execute arbitrary code on the mail server with the privileges of the Cyrus IMAP Server. Description Cyrus IMAP Server is an e-mail...
Cherokee Web Server fails to drop privileges after daemon starts
Overview Cherokee fails to drop root privileges after binding to port 80. Description Cherokee is a compact, open-source web server. Cherokee is designed to start as root and drop root privileges after binding to port 80. However, versions of Cherokee prior to 0.2.7 fail to drop root privileges...
PHP-Nuke does not adequately authenticate users thereby allowing attackers to change user information
Overview PHP-Nuke's saveuser function does not adequately authenticate users. Attackers may exploit this vulnerability to change user data and gain access to accounts. Description PHP-Nuke is a set of PHP scripts designed to simplify web site creation and maintenance. PHP-Nuke's saveuser function...
PHP fails to filter ASCII control characters from string arguments of mail() function
Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...
HP Tru64 UNIX "imapd" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "imapd" contains a locally exploitable buffer overflow. Description "imapd" is the IMAP daemon. A locally exploitable buffer overflow in "imapd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --...
HP Tru64 UNIX contains buffer overflow in libc libraries (SSRT2257)
Overview The HP Tru64 Unix operating system contains multiple buffer overflow vulnerabilities. Description A vulnerability exists in the way in which the libc libraries handle environment variables in the HP Tru64 UNIX operating system. As a result, local attackers may be able to execute arbitrar...
AOL Instant Messenger vulnerable to DoS via crafted GIF file
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send image files to one another. By sending a crafted GIF image, an attacker can cause the victim's...
Apache Web Server vulnerable to DoS via crafted HTTP request
Overview Some versions of the Apache Web server are vulnerable to denial-of-service attacks by crafted HTTP requests. Description A vulnerability exists in some versions of the Apache Web HTTPD Server running on Windows 98SE, Windows 2000 SP1, and OS/2. The vulnerability appears to be a bounds...
Cisco IOS Firewall Feature Set fails to check IP protocol type thereby allowing packets to bypass dynamic access control lists
Overview The Cisco IOS Firewall Feature Set (also known as Cisco Secure Integrated Software, or Context Based Access Control) may allow an intruder to pass traffic through the firewall in violation of implied security policies. Description It is important to note that only configurations that use t...
SCO UnixWare uux contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in uux, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...
Hewlett Packard HP-UX text editors contain buffer overflow
Overview A buffer overflow in the text editor on certain Hewlett-Packard systems could compromise system availability. Description Various text editing programs on HP systems that rely upon the same facilities, including e, ex, vi, edit, view, and vedit, contain a buffer overflow that could...
Cisco IOS creates SNMP read-only community string
Overview There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read its configuration, creating an information leak. Description Certain versions of the Cisco...
Casdoor contains Arbitrary File Write vulnerability
Overview Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authenticated user with file upload permissions can escape the intended storage directory and write files...
Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products
Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application...
NetApp Data ONTAP contains multiple vulnerabilities
Overview NetApp Data ONTAP contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description NetApp Data ONTAP contains multiple undisclosed vulnerabilities. --- Impact A remote,...
Nik Software Sharpener Pro vulnerable to privilege escalation
Overview The Nik Software Sharpener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...
Microsoft Internet Explorer cross-domain frame race condition
Overview Microsoft Internet Explorer contains a race condition that results in a cross-domain violation. Description Internet Explorer uses a cross-domain security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from...
Avast! antivirus buffer overflow vulnerability
Overview Avast! antivirus contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute code on a vulnerable system. Description Avast! antivirus is an antivirus application that can scan different types of files. The Symbian Installer Format (SIS) file format is used b...
Drivers for the Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability
Overview Microsoft Windows drivers for Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. Description Intel 2100 PRO/Wireless Network Connection Hardware The Inte...
Dell Openmanage CD launches unauthenticated services
Overview Dell Openmanage CD launches X11 and SSH daemons that permit unauthenticated users full access. Description The Dell Openmanage CD gives system administrators using Dell servers access to drivers, diagnostic tools, remote system control, and other utilities. When loaded, the CD launches X...
Oracle Advanced Replication SQL injection vulnerability
Overview An SQL injection vulnerability in the Oracle Advanced Replication component may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Advanced Replication component contains a SQL injection vulnerability. The details of this...