3695 matches found
Oracle Application Server Web Cache vulnerability
Overview Oracle Applications Server Web Cache contains an unspecified information disclosure vulnerability. Description Oracle Applications Server Web Cache contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue can allow an attacker to easily...
Cisco IOS contains DoS vulnerability in MPLS packet processing
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow attackers to conduct denial-of-service attacks on an affected device. Description Multi Protocol Label Switching (MPLS) is designed to increase the speed of IP...
Multiple Symantec security appliances do not allow the SNMP read-write community string to be changed
Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to modify the configuration of the device using SNMP. Description The Simple Network Management Protocol (SNMP) enables network and system administrators to remotely monitor and configure...
Sun Solaris X Display Manager does not properly handle invalid XDMCP requests
Overview There is a vulnerability in the way Sun Solaris handles invalid X Display Manager Control Protocol (XDMCP) requests. Exploitation of this vulnerability could allow an attacker to cause the X Display Manager (XDM) to crash. Description The X Display Manager xdm(1) is responsible for managing...
Multiple Cisco ONS control cards fail to properly handle malformed ICMP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Avaya Argent Office uses weak authentication for TFTP-based administrative control
Overview The Avaya Argent Office contains a weak authentication mechanism for administrative access. Description The Avaya Argent Office uses a TFTP-based mechanism to accept requests for administrative functions. By requesting "files" from the device via its internal interface, administrators ca...
Hummingbird CyberDOCS vulnerable to SQL injection
Overview Hummingbird CyberDOCS contains an SQL injection vulnerability that could allow a remote attacker to execute SQL commands. Description Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. Th...
HP-UX "rexec" command vulnerable to buffer overflow when supplied overly long command line argument to "-l" option
Overview A buffer overflow vulnerability in the rexec program supplied in some versions of the HP-UX operating system could allow local users to gain privileged access. Description The rexec program allows local users to execute commands on remote servers. rexec calls the rexec subroutine to act ...
Cisco Catalyst switches allow access to "enable mode" without password
Overview Cisco Catalyst OS 7.51 contains a vulnerability that allows anyone who can obtain command line access to gain "enable" mode access without knowledge of the "enable" password. Description Cisco Catalyst OS is an operating system for Cisco's line of Catalyst switches. Version 7.51 of...
SETI@home client vulnerable to buffer overflow
Overview A buffer overflow vulnerability in the SETI@home client could allow a remote attacker to execute arbitrary code or cause the SETI@home client to fail. An exploit for this vulnerability is known to exist and may be circulating. Description From the SETI@home website: SETI@home is a...
Yahoo! Mobile service discloses random sensitive information to unauthorized users
Overview The Yahoo! Mobile service contains an information exposure vulnerability. Description The Yahoo! Mobile Service enables users of handheld devices to take advantage of the same kinds of services Yahoo! Inc. offers to traditional desktop computing users (e.g. web browsing, email, etc.). A...
Cherokee Web Server does not adequately validate user input thereby allowing remote command execution
Overview Cherokee does not properly validate HTTP requests. Attackers may exploit this vulnerability to execute arbitrary commands as root. Description Cherokee is a compact, open-source web server. Cherokee passes Uniform Resource Identifiers (URIs) from HTTP requests directly to the shell withou...
HP Tru64 UNIX "ypmatch" contains buffer overflow (SSRT2277)
Overview The HP Tru64 UNIX implementation of "ypmatch" contains a locally exploitable buffer overflow. Description "ypmatch" is used to print the value of keys from an NIS map. A locally exploitable buffer overflow in ypmatch may permit a local attacker to gain elevated privileges and execute...
KTH Kerberos Telnet implementations do not strictly enforce client encryption request
Overview A vulnerability exists in the KTH Kerberos IV and Kerberos V (Heimdal) Telnet implementations. When a KTH Kerberos Telnet client requests data encryption and the server does not appear to support it, the client will establish the connection using no encryption. A properly located attacker...
MandrakeSoft Mandrake Linux Apache default configuration sample programs disclose server information
Overview The default installation of Apache on MandrakeSoft Mandrake Linux includes sample programs which may unnecessarily disclose information about the server. Description MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The default...
Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments
Overview VoLTE deployments on Verizon’s IMS network have operated without negotiated SIP integrity protection. In observed test conditions, SIP signaling—including registration, call setup, and messaging—traveled without IPsec ESP encapsulation and without SIP Security Agreement headers, exposing...
Casdoor contains multiple authentication bypass and access management vulnerabilities
Overview Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoor’s Security Assertion Markup Language (SAML) processing, account binding, and token exchange...
SGLang contains two remote code execution and one path traversal vulnerability
Overview Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an attacker must have...
Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component
Overview A security flaw exists in the configuration management endpoint of the DRC INSIGHT software, allowing an unauthenticated user with access to the same network as the server to modify the server’s configuration file. This could enable data exfiltration, traffic redirection, or service...
Open5GS WebUI uses hard-coded secrets including JSON Web Token signing key
Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result i...
The Librarian does not secure its interface, allowing for access to internal system data
Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google...
BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability
Overview The BeeS Examination Tool (BET) portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands t...
TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service
Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...
Forwarding Loop Attacks in Content Delivery Networks may result in denial of service
Overview Content Delivery Networks (CDNs) may in some scenarios be manipulated into a forwarding loop, which consumes server resources and causes a denial of service (DoS) on the network. Description CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') Content Delivery Networks (CDNs) are...
Trend Micro AntiVirus fails to properly process malformed UPX packed executables
Overview The Trend Micro AntiVirus scanning engine contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro virus scanning...
Secure Elements Class 5 AVR server fails to properly authenticate registration messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate registration messages. This may allow an attacker to cause a denial-of-service condition on the server. Description Class 5 AVR Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security product that...
Perl programs providing user-controlled I/O format strings may contain format string vulnerabilities
Overview Programs written in Perl may contain many of the same types of format string vulnerabilities as programs written in C. Description Perl is a programming language used in many applications and commonly used for web applications. It provides many of the same functions for formatted I/O as ...
UMN Gopher vulnerable to buffer overflow via overly long "+VIEWS:"
Overview The University of Minnesota Gopher client may be vulnerable to a buffer overflow when handling overly long "+VIEWS:" reply messages sent from a malicious server. Description The UMN Gopher suite includes a Gopher client for navigating Gopherspace. However, the Gopher client may incorrect...
Cisco default install of IBM Director agent fails to authenticate users for remote administration
Overview Cisco IBM Director agent fails to authenticate users for remote administration. Description Cisco voice products (e.g. CallManager, IP Interactive Voice Response, IP Call Center Express) that run on IBM servers install IBM Director agent to provide administrative management. The default...
OpenSSL does not securely handle invalid public key when configured to ignore errors
Overview A vulnerability in the way OpenSSL handles invalid public keys in client certificate messages could allow a remote attacker to cause a denial of service. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typical...
Ethereal contains integer overflow in PPP dissector
Overview Ethereal is a network traffic analysis package. The PPP packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The PPP packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
Lotus Domino Server susceptible to a pre-authentication buffer overflow during Notes authentication
Overview Lotus Domino is vulnerable to a pre-authentication buffer overflow attack during Notes authentication. Description A buffer overflow vulnerability may be exploited during Notes authentication to a Lotus Domino server. Versions prior to 5.0.12 and 6.0 are affected. According to the Rapid7...
HP Tru64 UNIX "dxsysinfo" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "dxsysinfo" contains a locally exploitable buffer overflow. Description "dxsysinfo" is used to monitor system resources. A locally exploitable buffer overflow in "dxsysinfo" may permit a local attacker to gain elevated privileges and execute arbitrary...
HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "csh" contains a locally exploitable buffer overflow. Description "csh" is used to invoke the C shell and interpret commands. A locally exploitable buffer overflow in "csh" may permit a local attacker to gain elevated privileges and execute arbitrary...
HP Tru64 UNIX "lprm" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lprm" contains a locally exploitable buffer overflow. Description "lprm" is used to remove requests from a printer spool queue. A locally exploitable buffer overflow in "lprm" may permit a local attacker to gain elevated privileges and execute arbitra...
SCO UnixWare uuxcmd contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in uuxcmd, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...
Appsmith's SQL Query autocomplete renderer contains a cross-site scripting vulnerability
Overview A stored cross-site scripting (XSS) vulnerability has been discovered in Appsmith, specifically in the CodeMirror-based SQL query editor’s autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with developer level access to a shared PostgreSQL...
PCTCore64.sys Windows kernel driver contains missing access control vulnerability
Overview The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL (I/O Control) commands. In a Bring Your Own Vulnerable Driver...
Multiple Heap Buffer Overflows in Orthanc DICOM Server
Overview Multiple vulnerabilities have been identified in Orthanc DICOM Server versions 1.12.10 and earlier that affect image decoding and HTTP request handling components. These vulnerabilities include heap buffer overflows, out-of-bounds reads, and resource exhaustion vulnerabilities that may...
Kyverno is vulnerable to server-side request forgery (SSRF)
Overview Kyverno, versions 1.16.0 to present, contains an SSRF vulnerability in its CEL-based HTTP functions, which lack URL validation or namespace scoping and allow namespaced policies to trigger arbitrary internal HTTP requests. An attacker with only namespace-level permissions can exploit thi...
IDrive for Windows contains local privilege escalation vulnerability
Overview The IDrive Cloud Backup Client for Windows, versions 7.0.0.63 and earlier, contains a privilege escalation vulnerability that allows any authenticated user to run arbitrary executables with NT AUTHORITY\SYSTEM permissions. Description IDrive is a cloud backup service that allows users to...
SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization
Overview Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system. SGLang is a serving framework for large language models (LLMs) and...
Retraction of "Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed ZIP archives"
Overview Malformed ZIP headers can be used to obfuscate malicious content in ZIP files from antivirus detection tools. Despite the presence of malformed headers, custom extraction software can decompress the ZIP archive, allowing potentially malicious payloads to be recovered after successful...
A flawed TLS handshake implementation affects Viber Proxy in multiple platforms
Overview The Rakuten Viber messaging app for Android (V25.7.2.0g) and Windows (V25.6.0.0-V25.8.1.0) has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description...
PyMuPDF path traversal and arbitrary file write vulnerabilities
Overview A path traversal vulnerability leading to arbitrary file write exists in PyMuPDF version 1.26.5, within the ‘embeddedget’ function in ‘main.py’. This vulnerability is caused by improper handling of untrusted embedded file metadata, which is used directly as an output path, enabling...
Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier
Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1expandoctetstring function located in decoding.c. Under worst-case conditions, this results in a one-byte stack overflow th...
Server-Side Template Injection (SSTI) vulnerability exists in Genshi
Overview A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s ‘eval’ and ‘exec’ functions while allowing fallback access to Python built-in objects. If an...
Kiwire Captive Portal contains 3 web vulnerabilities
Overview The Kiwire Captive Portal, provided by SynchroWeb, is an internet access gateway intended for providing guests internet access where many users will want to connect. Three vulnerabilities were discovered within the product, including SQL injection, open redirection, and cross site...
Cross-site scripting vulnerability in Lectora course navigation
Overview Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting (XSS) vulnerability in courses published with Seamless Play Publish (SPP) enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...
Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read
Overview LangChainGo, the Go implementation of LangChain, a large language model (LLM) application building framework, has been discovered to contain an arbitrary file read vulnerability. The vulnerability, tracked as CVE-2025-9556, allows for arbitrary file read through the Gonja template engine...