CVE-2024-23122
CVE-2024-23122 affects Autodesk AutoCAD via parsing of malicious 3DM files in opennurbs.dll, causing an Out-of-Bounds Write. This can crash the process, corrupt data, or allow arbitrary code execution in the current process. Exploitation details in connected sources indicate remote code ...
CVE-2023-36237
CVE-2023-36237 affects Bagisto prior to v1.5.1. The CSRF vulnerability allows an attacker to execute arbitrary code via a crafted HTML script, with root cause tied to insufficient request validation (e.g., REST-route validation in reported sources). The impact is described as arbitrary code execu...
CVE-2024-23125
CVE-2024-23125: The provided connected documents confirm a vulnerability in Autodesk AutoCAD where parsing a malicious SLDPRT file via the ODXSW_DLL.dll component triggers a stack-based overflow. The impact as stated is a crash, potential data exposure, or arbitrary code execution in the affecte...
CVE-2021-47549
CVE-2021-47549 affects the Linux kernel via the sata_fsl driver. The documented issue is a use-after-free (UAF) in sata_fsl_port_stop triggered during rmmod sata_fsl.ko on PPC64 GNU/Linux, where after port_stop is invoked, an ioread32 on hcr_base leads to a kernel OOPS and potential memory access...
CVE-2023-40577
CVE-2023-40577 affects Prometheus Alertmanager. The issue allows an attacker with POST permission on the /api/v1/alerts endpoint to cause arbitrary JavaScript execution in users of Alertmanager (stored XSS). The vulnerability is tied to the Alertmanager component handling incoming aler...
CVE-2024-23121
CVE-2024-23121 relates to Autodesk AutoCAD, where parsing of a malicious MODEL file via the libodxdll.dll component can trigger an out-of-bounds write. This vulnerability may allow a locally or remotely processed attack to crash, corrupt data, or execute arbitrary code within the caller’s process...
CVE-2024-25756
CVE-2024-25756 describes a stack-based buffer overflow in the Tenda AC9 v3.0 firmware (version v.15.03.06.42_multi) triggered by the formWifiBasicSet function. The vulnerability allows a remote attacker to execute arbitrary code, with high impact on confidentiality, integrity, and availability. A...
CVE-2024-25753
CVE-2024-25753 affects the Tenda AC9 router (v3.0) with firmware v15.03.06.42_multi. The vulnerability is a stack-based buffer overflow in the formSetDeviceName function, enabling a remote attacker to execute arbitrary code. The published metrics indicate a high-impact, adjacent-attack-vector sce...
CVE-2024-22544
The CVE-2024-22544 issue affects Linksys Router E1700 (version 1.0.04, build 3). The vulnerability stems from the setDateTime function, allowing authenticated attackers to execute arbitrary code due to the underlying flaw. Exploitation details (in-the-wild status) are not provided in the documen...
CVE-2025-48617
CVE-2025-48617 affects Android’s CarrierConfigLoader.java, specifically overrideConfig, enabling a permissions/UID check bypass that could cause local privilege escalation with no additional execution privileges required and no user interaction. The vulnerability is tied to a local attack vector ...
CVE-2015-3306
CVE-2015-3306 affects ProFTPD before patches for 1.3.5, via the mod_copy module. Unauthenticated attackers can use SITE CPFR/CPTO to copy files anywhere on the server and can read/write arbitrary files, enabling remote code execution and information disclosure. Public exploits and proofs (e.g., e...
CVE-2024-54126
CVE-2024-54126 affects the TP-Link Archer C50. The root cause is an improper signature verification in the firmware upgrade process via the web interface. An attacker with administrative privileges within the router’s Wi‑Fi range can upload and execute malicious firmware, potentially resulting in...
CVE-2015-6564
OpenSSH vulnerability CVE-2015-6564 is a use-after-free in the PAM free context path (mm_answer_pam_free_ctx) in sshd’s monitor.c. On non-OpenBSD platforms, an attacker who controls the sshd uid and can issue an early MONITOR_REQ_PAM_FREE_CTX may gain privileges. The issue is specific to OpenSSH ...
CVE-2025-13223
CVE-2025-13223 is a Type Confusion in V8 within Google Chrome/Chromium (prior to 142.0.7444.175) that can lead to heap corruption via a crafted HTML page. The issue affects Chromium-based Chrome, with root cause described as V8 type confusion; high severity and potential remote code/impact on hea...
CVE-2025-49641
CVE-2025-49641 affects Zabbix deployments; a regular user without access to Monitoring → Problems can call problem.view.refresh and retrieve a list of active problems. Root cause described as insufficient permission checks for the problem.view.refresh action. The connected sources (Red Hat, Debia...
CVE-2016-6515
OpenSSH sshd vulnerability CVE-2016-6515 arises from the auth_password function not enforcing a maximum password length for password authentication, allowing remote, unauthenticated attackers to trigger high CPU consumption and denial of service via a long input string. Affected products: OpenSSH...
CVE-2022-26522
CVE-2022-26522 affects Avast/AVG Anti-Rootkit driver aswArPot.sys. The socket connection handler vulnerability enables local privilege escalation to kernel mode, with potential memory corruption/OS crash via double-fetch at aswArPot+0xc4a3. Avast’s mitigations include a fix released in version 22...
CVE-2021-46973
CVE-2021-46973 is a Linux kernel use-after-free in the MHI path for qrtr (net: qrtr: Avoid potential use after free in MHI send). The issue occurs because the MHI ul_callback could run immediately after queuing an skb, potentially decrementing the associated skb’s refcount and freeing it, which m...
CVE-2024-25260
The CVE-2024-25260 affecting elfutils concerns a NULL pointer dereference in readelf.c (handle_verdef function) when using elfutils v0.189. The issue is tied to versions before 0.189-6 per connected data; impact is limited to availability (crash/denial of service) with no confidentiality or integ...
CVE-2022-26523
The CVE-2022-26523 issue affects the Avast/AVG Anti‑Rootkit driver aswArPot.sys (Windows). It is a local, kernel‑mode vulnerability caused by a double fetch at aswArPot+0xbb94, enabling a user with limited privileges to run code at kernel level or trigger memory corruption/OS crash. Connected doc...
CVE-2017-9788
Apache httpd vulnerability CVE-2017-9788 stems from mod_auth_digest not initializing or resetting the value placeholder in Digest Proxy-Authorization headers between key=value assignments, which can leak previous memory data or cause a segfault/DoS. Affected: httpd 2.2.34 and 2.4.x prior to 2.4.2...
CVE-2024-26327
CVE-2024-26327 affects QEMU 7.1.0–8.2.1, where register_vfs in hw/pci/pcie_sriov.c mishandles a guest write of NumVFs greater than TotalVFs, resulting in a buffer overflow in VF implementations. This is documented across multiple sources (e.g., Astra Linux security bulletin) and related entries d...
CVE-2022-4039
CVE-2022-4039 affects Red Hat Single Sign-On for OpenShift container images where an unsecured management interface is enabled. Connected sources describe the flaw as allowing an attacker to use the management interface to deploy malicious code and to access/modify potentially sensitive informati...
CVE-2024-2169
CVE-2024-2169 describes a DoS by network loops via UDP in implementations of UDP application protocols. Connected sources show concrete details for MikroTik RouterOS (vulnerable: <6.49.12 and
CVE-2023-52923
CVE-2023-52923 — Linux kernel netfilter nf_tables GC transaction API fix. The issue concerns the nf_tables set backend in the Linux kernel, where the GC transaction API replaces the old GC and busy-mark approach. The patch changes: sets the _DEAD bit to hide removed elements instead of removing ...
CVE-2022-44228
Technical details for CVE-2022-44228 are not publicly available in the provided documents. No confirmed impact, affected products, or remediation are described here. Monitor for future updates.
CVE-2023-50387
CVE-2023-50387 (KeyTrap) affects DNSSEC processing in DNS resolvers. Multiple advisories note excessive CPU/DoS risk when validating DNSKEY/RRSIG in zones with many records. Affected products include Bind (bind9) and Unbound across Linux distributions (e.g., AL2, AlmaLinux) with patches/released ...
CVE-2013-5148
CVE-2013-5148 affects Apple Keynote versions older than 6.0, where Keynote in Presentation mode may bypass or leave screen lock disengaged during sleep, enabling a physically proximate attacker to access an unattended Mac. Concrete details across connected sources show the vulnerability is tied t...
CVE-2021-29050
CVE-2021-29050 describes a Cross-Site Request Forgery (CSRF) in the terms of use page of Liferay Portal prior to 7.3.6 and Liferay DXP 7.3 before SP1, and 7.2 before FP-11. The underlying issue is insufficient validation on the terms-of-use acceptance flow, enabling remote attackers to trick ...
CVE-2018-25032
CVE-2018-25032 affects zlib prior to 1.2.12 and causes memory corruption during deflate when the input contains many distant matches. The linked Astra Linux advisory reiterates the zlib memory corruption in zlib before 1.2.12, and multiple Mariner/CBL advisories show affected packages (e.g., teck...
CVE-2013-3900
CVE-2013-3900 describes a remote code execution in the WinVerifyTrust Authenticode verification for PE files. An attacker could modify a signed executable to execute code without invalidating the signature, potentially gaining full control of the system. Microsoft republished this CVE in the Secu...
CVE-2022-21384
CVE-2022-21384 is a duplicate of CVE-2021-39275 per the initial description. Connected sources provide concrete details for CVE-2021-39275: an out-of-bounds write in ap_escape_quotes() in Apache httpd, enabling a remote attacker to crash or potentially execute code. Affected products include all ...
CVE-2021-41773
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 affecting how path normalization maps URLs to files under Alias-like directives. The issue could allow access to files outside configured directories; if CGI scripts are enabled for those paths, remote code execution is...
CVE-2024-4469
CVE-2024-4469 affects the WP STAGING WordPress Backup Plugin (pre-3.5.0). An administrator can trigger server-side request forgery (SSRF) which may impact multisite setups. The issue is mitigated/solved by upgrading to version 3.5.0 or later (patch).
CVE-2024-35311
CVE-2024-35311 affects Yubico YubiKey 5 Series <5.7.0, Security Key Series <5.7.0, YubiKey Bio Series <5.6.4, and YubiKey 5 FIPS
CVE-2024-30172
CVE-2024-30172 refers to a vulnerability in Bouncy Castle Java Cryptography APIs prior to 1.78 where an Ed25519 verification path can enter an infinite loop when processing a crafted signature and public key. The connected IBM security bulletin confirms the same CVE-ID and recommends upgrading to...
CVE-2024-40075
CVE-2024-40075 – Laravel v11.x XXE vulnerability. The connected sources indicate that Laravel version 11.x is affected by an XML External Entity (XXE) vulnerability. The available details identify the flaw as an XXE issue but do not provide concrete information about the root cause in the code, af...
CVE-2023-28465
CVE-2023-28465 affects HL7 FHIR Core Libraries prior to 5.6.106. The vulnerability stems from the package‑decompression feature, allowing directory traversal that enables copying arbitrary files to certain directories when an attacker’s chosen path contains a substring of an allowed directory nam...
CVE-2024-36387
CVE-2024-36387 affects the Apache httpd mod_http2 component: when serving WebSocket protocol upgrades over HTTP/2, it can trigger a NULL pointer dereference and crash the server, degrading performance (DoS). Connected advisories indicate patches across distributions (e.g., Debian security update ...
CVE-2025-3500
CVE-2025-3500 describes an Integer Overflow/Wraparound in Avast Antivirus for Windows (affected: 25.1.981.6 up to but before 25.3). The root cause is an overflow in AvastResourceParser::AllocateBuffer(int size) where size * sizeof(struct) can under-allocate a buffer, enabling privilege escalation...
CVE-2022-20128
CVE-2022-20128 is rejected/withdrawn by its CNA and does not represent an active vulnerability entry.
CVE-2023-42793
CVE-2023-42793 affects JetBrains TeamCity prior to 2023.05.4, where an authentication bypass can lead to remote code execution (RCE) on the TeamCity server. Public evidence includes multiple PoC and exploit scripts on GitHub and Exploit-DB describing admin account creation and RCE workflows, with...
CVE-2021-21158
CVE-2021-21158 entry is rejected/not used.
CVE-2023-39325
CVE-2023-39325 describes a DoS in HTTP/2 handling where a malicious client rapidly creates and resets requests, potentially exhausting server resources. The fix tightens per-connection concurrency handling: servers bound the number of executing handler goroutines to the stream-concurrency limit (...
CVE-2020-9490
CVE-2020-9490 affects Apache HTTP Server versions 2.4.20–2.4.43. A specially crafted value for the Cache-Digest header in an HTTP/2 request could cause a crash when the server subsequently attempts to HTTP/2 PUSH a resource. Mitigation for unpatched servers is to disable HTTP/2 PUSH via H2Push of...
CVE-2014-9278
CVE-2014-9278 affects the OpenSSH server as used in Fedora and Red Hat Enterprise Linux 7 in Kerberos environments. The vulnerability allows remote authenticated users to log in as another user if they appear in the target user’s .k5users file, bypassing some authentication requirements for local...
CVE-2024-25180
pdfmake 0.2.9 is affected by CVE-2024-25180: a crafted POST request to the /pdf endpoint can allow remote code execution. The /pdf endpoint’s behavior is disputed and is reported as intentional; it is only exposed after installing a test framework outside the pdfmake application, and users are re...
CVE-2024-23807
CVE-2024-23807 affects the Apache Xerces-C++ XML parser (versions 3.0.0 up to, but not including, 3.2.5) due to a use-after-free when scanning external DTDs. Patched in 3.2.5; mitigations include disabling DTD processing (DOM: standard feature; SAX: XERCES_DISABLE_DTD). Connected documents corrob...
CVE-2017-8890
CVE-2017-8890 is a Linux kernel vulnerability affecting the IPv4 networking stack. The issue is a double free in inet_csk_clone_lock() in net/ipv4/inet_connection_sock.c, which can be triggered via the accept() system call and leads to a denial of service (kernel memory corruption/crash). The Cen...
CVE-2016-8612
CVE-2016-8612 affects Apache HTTP Server mod_cluster prior to httpd 2.4.23, with a flaw in the protocol parsing logic of the load balancer that can cause a Segmentation Fault in the httpd process due to improper input validation. Exploitation details are not provided in the connected documents; r...