366768 matches found
CVE-2019-25067
CVE-2019-25067 affects Podman and Varlink 1.5.1, with the vulnerability impacting an unknown part of the component API and enabling Remote Privilege Escalation. Exploitation can be performed remotely, and public exploits exist. The connected documents consistently reference Podman/Varlink, and do...
CVE-2025-29774
CVE-2025-29774 concerns the xml-crypto Node.js library. The issue allows an attacker to modify a valid signed XML message such that signature verification still passes, enabling bypass of authentication/authorization in systems that rely on xml-crypto for verifying signed XML. Affected versions a...
CVE-2022-2466
CVE-2022-2466 affects Quarkus 2.10.x due to incomplete termination of the HTTP request header context, enabling HTTP request smuggling as described in connected sources. The issue relates to the handle logic in SmallRyeGraphQLAbstractHandler.java and may cause unpredictable behavior. The...
CVE-2010-2730
CVE-2010-2730 affects Microsoft Internet Information Services (IIS) 7.5 when FastCGI is enabled. It is a remote code execution vulnerability caused by a heap buffer overflow in the HTTP header processing path exposed when handling crafted request headers, allowing an unauthenticated remote attack...
CVE-2021-22573
CVE-2021-22573 involves Google OAuth Client Library for Java where IdTokenVerifier may bypass verification because the signature is not checked before claims verification. The vulnerability allows an attacker to present a compromised IdToken with a modified payload that could pass client-side val...
CVE-2016-2183
The CVE-2016-2183 (Sweet32) issue stems from the DES/3DES ciphers used in TLS/SSL, allowing a birthday attack to recover plaintext from long, encrypted sessions. Public advisories and vendor notes show OpenSSL-based stacks (and products relying on it) were affected, with mitigations including de-...
CVE-2023-38169
CVE-2023-38169 is a Microsoft SQL OLE DB Remote Code Execution vulnerability. Public sources confirm the issue affects Microsoft SQL OLE DB/ODBC components (e.g., OLE DB Driver for SQL Server and SQL Server client libraries) and can be exploited remotely via a network to run code with high impact...
CVE-2025-25292
Ruby-saml contains an authentication bypass vulnerability caused by a parser differential between REXML and Nokogiri. The issue affects versions older than 1.12.4 and 1.18.0, enabling a Signature Wrapping attack that can lead to bypassing SAML authentication. A patch exists in versions 1.12.4 and...
CVE-2021-26690
CVE-2021-26690 affects Apache HTTP Server 2.4.0–2.4.46 due to a NULL pointer dereference in mod_session when parsing a crafted Cookie header, leading to Denial of Service. Public advisories and vendor pages confirm a patch exists in newer httpd releases (e.g., 2.4.46+/2.4.51 in various distributi...
CVE-2025-29775
CVE-2025-29775: The xml-crypto library for Node.js is vulnerable in versions prior to 6.0.1, 3.2.1, and 2.1.6. An attacker can modify a valid signed XML message in transit such that signature verification still passes, bypassing authentication/authorization checks and enabling privilege escalati...
CVE-2021-3590
The CVE-2021-3590 entry concerns the Foreman project, where a credential leak could expose the Azure Compute Profile password through the JSON output of the API. The described impact affects data confidentiality, integrity, and availability. There are no concrete remediation steps or exploit spec...
CVE-2021-3177
CVE-2021-3177: A buffer overflow in PyCArg_repr of Python’s ctypes (_ctypes/callproc.c) may allow remote code execution when untrusted floating-point input is passed (e.g., 1e300 to c_double.from_param) due to unsafe use of sprintf. Affected: Python 3.x up to 3.9.1. Remediation exists in multiple...
CVE-2016-0778
CVE-2016-0778 affects the OpenSSH client roaming feature. The root cause is improper bounds handling in roaming_read/roaming_write in roaming_common.c, enabling a heap-based buffer overflow when certain proxy/forward options are used. This can cause a denial of service or potentially arbitrary co...
CVE-2022-2238
CVE-2022-2238 affects Red Hat Advanced Cluster Management for Kubernetes, specifically the search-api container. The vulnerability arises when a backend parses a search filter query, allowing crafted strings with special characters to crash the pod and impact availability. Public docs in RHSA adv...
CVE-2020-15261
CVE-2020-15261 affects Veyon Service prior to 4.4.2, which contains an unquoted service path that allows locally authenticated administrators to execute code with LocalSystem privileges. The issue is fixed in 4.4.2; a workaround is to revoke administrative privileges from untrusted users. Public ...
CVE-2025-27111
Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...
CVE-2025-0422
Cordaware bestinformed Web is affected by CVE-2025-0422: an authenticated user who can create ScriptVars of type 'script' and preview them (e.g., via Info) can execute commands on the server, i.e., Remote Code Execution. Admin permissions enable this by default, but granular permissions can allow...
CVE-2022-41862
CVE-2022-41862 affects PostgreSQL libpq/client memory disclosure when connecting with Kerberos to a modified server. Connected documents confirm impact across multiple package tracks (libpq for AL2/Linux distros and PostgreSQL server/client suites for various versions, including 12.x–15.x), with ...
CVE-2021-3442
CVE-2021-3442 affects Red Hat OpenShift API Management (3scale API Management). The vulnerability is a reflected XSS due to insufficient input validation in user-controlled fields, allowing an authenticated user to inject scripts into text boxes. The primary impact is confidentiality risk, with t...
CVE-2022-1609
CVE-2022-1609 affects The School Management WordPress plugin prior to version 9.9.7. The obfuscated backdoor is injected in the license checking code and registers a REST API handler, enabling an unauthenticated attacker to execute arbitrary PHP code on the site (RCE). Impact is the ability to ru...
CVE-2021-30047
CVE-2021-30047 affects vsftpd 3.0.3, where a denial-of-service condition can be triggered by a limited number of concurrent connections. The vulnerability arises in VSFTPD and is confirmed across multiple sources; Red Hat advisories indicate unpatched status for various RHEL versions, and Nessus ...
CVE-2022-2406
Mattermost CVE-2022-2406 concerns the legacy Slack import feature (v6.7.0 and earlier). The root cause is failure to properly limit imported file sizes, allowing an authenticated attacker to crash the server by uploading large files via the Slack import REST API. Impact is a DoS affecting availab...
CVE-2021-32803
CVE-2021-32803 concerns the npm package tar (node-tar) with an arbitrary File Creation/Overwrite vulnerability due to insufficient symlink protection when extracting tar files. The issue arises from a directory cache and mkdir-skip logic that can be bypassed when a directory and a symlink share t...
CVE-2021-27065
CVE-2021-27065 is an Exchange Server vulnerability enabling remote code execution when paired with CVE-2021-26855 (SSRF). The connected documents describe attackers chaining CVE-2021-26855 (SSRF) with CVE-2021-27065 to write a webshell via EWS/OWA endpoints, allowing unauthenticated or post-auth execution ...
CVE-2015-8325
CVE-2015-8325 affects OpenSSH sshd where, with UseLogin enabled and PAM reading user .pam_environment files, a local user can trigger a crafted environment for /bin/login (e.g., via LD_PRELOAD) to gain privileges. Affected context in the provided connected documents centers on OpenSSH scenarios in v...
CVE-2024-2176
CVE-2024-2176 corresponds to a use-after-free in Chrome/Chromium’s FedCM, fixed in Chromium 122.0.6261.111+ (Chrome prior to 122.0.6261.111 affected). The issue could enable remote code execution via heap corruption from a crafted HTML page; impact is high (C/H/I/A = High). Affected component: Fe...
CVE-2019-25066
CVE-2019-25066 affects ajenti 2.1.31 with a vulnerability in the API that allows privilege escalation. The issue can be exploited remotely; exploits/public disclosures exist. The advised fix is upgrading to version 2.1.32, with patch reference 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. Several sou...
CVE-2021-34798
CVE-2021-34798 is a vulnerability in Apache HTTP Server where malformed requests may cause a NULL pointer dereference in the httpd core. The issue affects Apache HTTP Server 2.4.48 and earlier, and the resulting crash can lead to a Denial of Service. Multiple connected advisories confirm the same...
CVE-2024-24192
CVE-2024-24192 affects robdns, with a heap overflow in the code path handling block->filename in /src/zonefile-insertion.c (version d76d2e6). Multiple connected sources corroborate the issue and identify the vulnerable component as block->filename and the function zonefile-insertion.c. PT-2...
CVE-2024-2614
CVE-2024-2614 is a documented memory-safety issue in Mozilla Firefox and Thunderbird. The core description states memory-safety bugs in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8, with evidence of memory corruption and a potential to be exploited to run arbitrary code. Affected product...
CVE-2013-2249
CVE-2013-2249 concerns Apache HTTP Server’s mod_session_dbd. The issue arises when mod_session_dbd proceeds with save operations for a session without honoring the dirty flag or requiring a new session ID, as described in multiple sources. Public references indicate the vulnerability is associate...
CVE-2025-25291
ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between REXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...
CVE-2021-37860
Mattermost CVE-2021-37860 affects Mattermost 5.38 and earlier. The issue stems from insufficient sanitization of clipboard contents, enabling a user‑assisted attacker to inject arbitrary web script in deployments that explicitly disable the default CSP. Exploitation details are not provided in th...
CVE-2022-1798
CVE-2022-1798 is a path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1). A user who can configure kubevirt can read arbitrary host files that are publicly readable or readable for UID 107 or GID 107; note that /proc/self/ is not accessible. Impact is high for confidentiality,...
CVE-2021-23841
CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...
CVE-2022-2403
CVE-2022-2403 affects Red Hat OpenShift Container Platform. A private key for the external cluster certificate was stored in the oauth-serving-cert ConfigMaps and became readable by any authenticated OpenShift user/service-account, enabling credential disclosure that could compromise web traffic ...
CVE-2021-41803
CVE-2021-41803 affects HashiCorp Consul 1.8.1–1.11.8, 1.12.4, and 1.13.1; root cause is improper validation of node/segment names before interpolation and usage in JWT claim assertions via auto config RPC. Consequences and exploitation details are not further described in the supplied documents. ...
CVE-2024-53866
The CVE-2024-53866 entry concerns pnpm before 9.15.0, where overrides from one workspace can leak into npm metadata stored in global cache, and global-cache data can affect other workspaces. This undermines global state integrity and can enable arbitrary code execution on installs, even when igno...
CVE-2022-28345
The CVE-2022-28345 issue affects the Signal iOS app prior to version 5.34, where RTLO-injected, RTLO-encoded URLs beginning with a non-breaking space (in the presence of a hash segment) can be rendered to resemble legitimate sites. An unauthenticated remote attacker could exploit this to spoof links...
CVE-2017-0143
CVE-2017-0143 concerns the SMBv1 server remote code execution vulnerability in various Windows versions. The connected documents indicate exploitation activity linked to EternalBlue in campaigns targeting SMBv1 (DLTMiner and related activity), with the vulnerability used to perform remote code ex...
CVE-2022-3172
CVE-2022-3172: Kubernetes kube-apiserver SSRF vulnerability allowing an aggregated API server to redirect client traffic to an arbitrary URL, potentially causing unintended actions and leaking API server credentials. Connected sources confirm affected product families (kube-apiserver) and that a...
CVE-2022-29146
CVE-2022-29146 is a Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability. CVSS v3.1 base score 8.3 (HIGH) with network attack vector, high attack complexity, no privileges required, user interaction required, scope changed; impacts include confidentiality, integrity and availabili...
CVE-2021-33146
CVE-2021-33146 affects Intel Ethernet Adapters and Intel Ethernet Controller I225 Manageability firmware. The core issue is improper input validation that may allow an unauthenticated user to disclose information over the network. Public references indicate affected firmware prior to NVM ...
CVE-2024-40898
The CVE-2024-40898 entry describes an SSRF vulnerability in Apache HTTP Server on Windows when using mod_rewrite in the server/vhost context. The issue can allow leaking NTLM hashes to a malicious server via crafted requests. Affected software is Apache HTTP Server; the remediation is to upgrade ...
CVE-2021-33162
CVE-2021-33162: Improper access control in some Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware may allow an authenticated local user to escalate privileges. The issue is documented by Intel in advisory Intel-SA-00756 and is rated high (CVSSv3.1 base 8.4). Aff...
CVE-2019-1010208
CVE-2019-1010208 affects VeraCrypt/NT Driver (veracrypt.sys) and prior TrueCrypt/IDRIX implementations. Root cause: Buffer Overflow in the VeraCrypt NT Driver leading to information disclosure on the kernel stack. Impact stated as partial kernel stack information disclosure; attack vector is loca...
CVE-2017-7529
The CVE-2017-7529 entry concerns nginx’s range filter module. Affected software: nginx (and nginx-mainline in Arch advisories). Vulnerable component: the HTTP range/filter logic within nginx range filter/module. Root cause: integer overflow when processing crafted byte ranges, leading to informat...
CVE-2021-26084
CVE-2021-26084 is an OGNL injection vulnerability in Atlassian Confluence Server and Data Center that allows unauthenticated remote code execution. Affected branches include Confluence Server/Data Center versions prior to 6.13.23, 6.14.0 before 7.4.11, 7.5.0 before 7.11.6, and 7.12.0 before 7.12....
CVE-2023-23397
CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...
CVE-2021-33157
CVE-2021-33157 affects Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware, where insufficient control flow management could allow a privileged user to escalate privileges via local access. The base CVSSv3.1 score is 7.2 (HIGH) with LOCAL access, HIGH complexity, a...