CVE-2022-4071
The RSJoomla RSFirewall Plugin is affected (specifics not fully disclosed in the provided doc). The vulnerability is reported in the HTTP Header Handler function, where manipulation of the X-Forwarded-For header leads to improper output neutralization for logs. This could ...
CVE-2024-26922
CVE-2024-26922 affects the Linux kernel drm/amdgpu path and arises from insufficient validation of bo mapping operation parameters (amdgpu_vm_bo_(map/replace_map/clearing_mappings)). The vulnerability is addressed by validating parameters in a central location for amdgpu_vm_bo_* calls, with the i...
CVE-2021-41624
CVE-2021-41624 is associated with a memory-leak DoS in F5 BIG-IP. The CNNVD entry describes F5 BIG-IP as an application delivery platform and notes a memory leak vulnerability that triggers denial of service. The provided documents do not specify affected versions, vulnerable components, exploit ...
CVE-2024-38476
CVE-2024-38476 concerns Apache HTTP Server 2.4.59 and earlier where backend applications emitting malicious or exploitable response headers can lead to information disclosure, SSRF, or local script execution via internal redirects. The connected advisories confirm the issue affects httpd/core beh...
CVE-2022-26502
CVE-2022-26502 is rejected; not used; this entry does not represent an active vulnerability.
CVE-2022-1836
CVE-2022-33981 affects the Linux kernel floppy driver. The issue is a concurrency use-after-free flaw in drivers/block/floppy.c before 5.17.6, triggered by use of raw_cmd after deallocation in raw_cmd_ioctl, leading to potential denial-of-service (kernel crash/memory corruption). Public advisorie...
CVE-2023-42219
Exim MTA vulnerability CVE-2023-42219 is described in the connected Malwarebytes entry as allowing network-adjacent attackers to disclose sensitive information on affected installations of Exim. The article also notes that Exim is not likely to fix CVE-2023-42219 and suggests mitigations such as ...
CVE-2024-3093
CVE-2024-3093 is a duplicate of CVE-2024-1752 for the Font Farsi WordPress plugin. Connected sources indicate the issue affects Font Farsi
CVE-2024-26923
CVE-2024-26923 is a Linux kernel vulnerability in AF_UNIX garbage collection. The race occurs when a GC pass enqueues an embryo that has a peer carrying SCM_RIGHTS, causing the inflight set to differ between passes. This can leave a dangling pointer in the gc_inflight_list and may lead to memory ...
CVE-2023-7198
The WP Dashboard Notes WordPress plugin (versions
CVE-2023-25690
CVE-2023-25690 concerns Apache HTTP Server 2.4.0–2.4.55 with mod_proxy enabled when combined with certain RewriteRule or ProxyPassMatch patterns that re-insert user-supplied URL data into the proxied request-target via variable substitution. The underlying flaw enables HTTP request smuggling thro...
CVE-2024-26926
CVE-2024-26926: The Linux kernel vulnerability concerns the binder subsystem. After commit 6d98eb95, an offset alignment check was removed from binder_alloc_copy_from_buffer()/check_buffer(), and answers were copied in binder_get_object() via copy_from_user(), which now requires an explicit offs...
CVE-2024-4985
The CVE-2024-4985 issue affects GitHub Enterprise Server (GHES) where SAML SSO with optional encrypted assertions can be abused to forge a SAML response, enabling provisioning or access to a site administrator account without prior authentication. The vulnerability impacts all GHES versions prior...
CVE-2023-21723
Technical details are not publicly available in the provided documents; no affected products, impact, or remediation are specified. Monitor for updates.
CVE-2023-25610
Fortinet CVE-2023-25610 is a buffer underwrite in the FortiOS/FortiProxy administrative interface that allows remote, unauthenticated execution of code via crafted requests. Affected firmware ranges include FortiOS 7.2.0–7.2.3, 7.0.0–7.0.6, 6.4.0–6.4.11, 6.2.12 and below, FortiProxy 7.2.0–7.2.2, ...
CVE-2021-36368
OpenSSH CVE-2021-36368 affects OpenSSH before 8.9. If a client uses public-key authentication with agent forwarding but not -oLogLevel=verbose, and a server is silently modified to support None authentication, the user cannot reliably tell if FIDO authentication will confirm the intended connecti...
CVE-2024-26920
CVE-2024-26920: In the Linux kernel, the tracing/trigger path (register_snapshot_trigger) could allocate a snapshot and erroneously report success (0) when allocation failed. The fix returns an error code on allocation failure, preventing registration of a snapshot trigger without error. This is ...
CVE-2024-25711
CVE-2024-25711 affects diffoscope before 256. The vulnerability arises from trusting the gpg --use-embedded-filenames option, enabling directory traversal via an embedded filename in a GPG file. Exploitation would disclose contents of arbitrary files (e.g., ../.ssh/id_rsa). Impact is information ...
CVE-2024-28054
The CVE-2024-28054 issue affects amavisd-new (Amavis) before 2.12.3 and 2.13.x before 2.13.1, caused by MIME-tools usage leading to an Interpretation Conflict when multiple MIME boundary parameters are present. This can result in an incorrect check for banned files or malware, depending on mail u...
CVE-2024-24681
The CVE-2024-24681 entry concerns Yealink Configuration Encrypt Tool: AES version and RSA versions before 1.2 use a single hardcoded AES key to encrypt provisioning documents, shared across customers. This weak key handling is the root cause and can compromise confidentiality of provisioning data...
CVE-2024-26464
CVE-2024-26464 is rejected/not used; this entry does not represent an active vulnerability.
CVE-2024-25760
The connected sources identify CVE-2024-25760 as a withdrawn candidate and do not describe an active issue in that CVE entry. However, separate reports about the same Yasm component disclose a concrete vulnerability: memory leak in yasm 1.3.0, specifically in /yasm/tools/genmacro/genmacro.c. Repo...
CVE-2024-24528
CVE-2024-24528 entry is rejected/not used; not an active vulnerability.
CVE-2023-52071
The CVE-2023-52071 entry is tied to curl/libcurl. The IBM bulletin notes a stack-based buffer overflow in tool_cb_wrt within libcurl, caused by improper bounds checking, which could let a remote attacker overflow a buffer and execute code or cause a denial of service. Affected IBM MaaS360 compone...
CVE-2024-25973
Summary: CVE-2024-25973 affects OpenOLAT LMS by Frentix GmbH. The issue comprises multiple stored XSS vulnerabilities that can be triggered when users with specific permissions (group creation/edit, catalog sub-category creation/renaming, or curriculum creation) enter unfiltered input in name fie...
CVE-2024-26318
Serenity CVE-2024-26318: In Serenity up to version 6.7.x, LoginPage.tsx allows return URLs not starting with a slash, which enables Cross‑Site Scripting via phishing/email links. The issue is described across multiple sources (Serenity release notes and Red Hat/Veracode advisories) as a client-si...
CVE-2022-45320
CVE-2022-45320 affects Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16. A remote authenticated user can become the owner of a wiki page by editing it (privilege escalation). This is a wiki-level ownership issue; exploitation sta...
CVE-2024-25428
CVE-2024-25428 affects MRCMS v3.1.2 where the status parameter is vulnerable to SQL injection, enabling an attacker to run arbitrary system commands. Root cause: improper input handling leading to SQL injection. Impact per available data: potential command execution with network access, no user i...
CVE-2024-21742
CVE-2024-21742: IBM/connected IBM products show a vulnerability due to improper input validation in MIME4J DOM, enabling header injection in MIME messages. Affected: IBM API Connect v12 OnPrem 12.1.0.0 (per IBM bulletin); remediation: upgrade to 12.1.0.1. Other IBM docs also reference this CVE in...
CVE-2024-26350
Summary: CVE-2024-26350 applies to flusity-CMS v2.33, where a Cross-Site Request Forgery (CSRF) was discovered in the component /core/tools/update_contact_form_settings.php. The issue is reported across multiple feeds (RH, NVD, OSV, CVE lists) with a CVSS v3.1 base score of 8.8 (HIGH; AV:N/AC:L/P...
CVE-2024-26462
CVE-2024-26462 affects krb5 1.21.2 and is a memory-leak vulnerability in /krb5/src/kdc/ndr.c. The issue can cause memory exhaustion and potential denial of service; exploitation status is not provided in the documents, but related advisories/patches indicate upgrading to 1.21.3 or newer to mitiga...
CVE-2023-49837
CVE-2023-49837 concerns the WordPress Code Embed (simple-embed-code) plugin. A Denial of Service vulnerability exists in Code Embed versions ≤ 2.3.6 that allows an authenticated attacker with Contributor+ privileges to trigger uncontrolled resource consumption, potentially impacting site availabi...
CVE-2024-1864
CVE-2024-1864 is a duplicate of CVE-2023-2813 and is not a separate vulnerability entry. The connected NUCLEI template for CVE-2023-2813 describes a reflected XSS in WordPress themes (Aapna/Anand/Anfaust/Arendelle/… and more) where the search box reflects results, allowing an unauthenticated atta...
CVE-2020-12062
CVE-2020-12062 affects the OpenSSH scp client (OpenSSH 8.2). The issue arises when a utimes system call fails, causing the scp client to send duplicate responses to the server. A malicious unprivileged user on the remote server can leverage this to overwrite arbitrary files in the client’s downlo...
CVE-2024-28757
The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...
CVE-2024-21724
Joomla! CMS core contains a Cross-site Scripting (XSS) vulnerability due to inadequate input validation in media selection fields (CVE-2024-21724). Affected software: Joomla! core components handling media selection in extensions. Root cause: insufficient validation in media selection input paths...
CVE-2023-52489
CVE-2023-52489 is tied to a Linux kernel race in mm/sparsemem memory sections (memory_section->usage) when PFNs span ZONE_NORMAL, ZONE_DEVICE, ZONE_NORMAL and memory compaction runs. The race occurs between pfn_valid()/pfn_section_valid() and section_deactivate, where ms->usage can be NULL ...
CVE-2024-1866
CVE-2024-1866 is a duplicate of CVE-2023-2813. Connected data describe a reflected Cross-Site Scripting (XSS) issue affecting multiple WordPress themes (e.g., Aapna, Anand, Anfaust, Arendelle, etc.) where the search box reflects results, enabling an unauthenticated user to trigger XSS by clicking...
CVE-2023-7115
The CVE-2023-7115 entry concerns the Page Builder: Pagelayer WordPress plugin, specifically versions prior to 1.8.1. The underlying issue is inadequate sanitising and escaping of certain settings, enabling stored Cross-Site Scripting if an attacker has high privileges (e.g., Administrator) and, i...
CVE-2024-26618
CVE-2024-26618 (Linux kernel, arm64 SME): The vulnerability is in sme_alloc() when existing storage is present and flushing is not in progress. It could allocate new storage, leaking the existing storage and corrupting state, due to missing separation between flushing and existing-storage checks ...
CVE-2023-52488
CVE-2023-52488 concerns the Linux kernel driver for SC16IS7XX UARTs. In burst mode, the SC16IS7XX can read/write FIFO data with an initial register address, and regmap_raw_read()/regmap_raw_write() do not increment the register in this path. This could corrupt the regmap cache when multi-byte tra...
CVE-2024-26489
A verified XSS in flusity-CMS v2.33: the Addon JD Flusity 'Social block links' module allows crafting payloads in the Profile Name field to execute arbitrary web scripts/HTML. Concretely, affects flusity-CMS 2.33 and the vulnerable component is the Social block links addon; root cause is insuffic...
CVE-2024-25248
Niushop B2B2C V5 is affected by a SQL Injection in the orderGoodsDelivery() function, exploitable via the order_id parameter. The CVE-2024-25248 entry shows a critical impact (C/H/I/A = High) with network access and no privileges required, per CVSS 3.1 metrics. Connected documents corroborate the...
CVE-2024-26643
CVE-2024-26643 is a Linux kernel vulnerability in netfilter nf_tables where the asynchronous rhashtable garbage-collection can race with the release of anonymous sets that have timeouts, leading to a potential collection of elements during commit path teardown. The root cause is a race between se...
CVE-2023-40113
CVE-2023-40113 affects the Android platform (System component) and stems from a missing permission check that allowed apps to access cross‑user message data. This enables local information disclosure without extra privileges or user interaction. Public details in the provided documents are limite...
CVE-2024-24402
CVE-2024-24402 affects Nagios XI 2024R1.01, enabling privilege escalation via a crafted script targeting /usr/local/nagios/bin/npcd. Multiple sources (Red Hat, CIRCL, NVD/NASL/Nessus and CVE repositories) confirm the issue and its association with Nagios XI. In published timelines, Nagios has rel...
CVE-2024-26620
CVE-2024-26620 affects the Linux kernel’s s390 VFIO AP mediated devices (vfio-ap). The issue stems from vfio_ap_mdev_filter_matrix: when a new adapter or domain is assigned to an mdev, only the APID/APQI for the new item was inspected. This could leave AP queues bound to no driver exposed to a gu...
CVE-2023-52494
CVE-2023-52494 concerns the Linux kernel bus: mhi driver. The vulnerability arises from an unaligned event ring read pointer reading 128-bit elements (struct mhi_ring_element). Although the code validates the pointer is within the buffer, an unaligned pointer could lead to DoS or ring-buffer memo...
CVE-2023-52495
CVE-2023-52495 affects the Linux kernel PMIC GLINK altmode driver (qcom) and is caused by an incomplete port sanity check. The driver supports at most two ports; a notification for an unsupported port could access memory beyond the port array, risking memory corruption. The issue is addressed by ...
CVE-2024-26642
CVE-2024-26642 in the Linux kernel’s netfilter nf_tables fixes a denial-of-service condition by disallowing anonymous sets with the timeout flag; the patch removes such sets from userspace usage, except for NFT_SET_EVAL to preserve legacy meters. The vulnerability is due to allowing a timeout fla...