CVE-2023-24329
The CVE-2023-24329 issue is in Python's urllib.parse (before 3.11.4) where URLs starting with blank characters bypass blocklists. In practice, this can undermine domain/protocol filtering and potentially enable SSRF or related impacts as described. Affected versions include Python releases prior ...
CVE-2026-6365
CVE-2026-6365 is an XSS vulnerability in Drupal core caused by improper neutralization of input during web page generation. Affects Drupal core versions: 8.0.0–before 10.5.9, 10.6.0–before 10.6.7, 11.0.0–before 11.2.11, 11.3.0–before 11.3.7. The issue relates to Drupal core’s jQuery integration f...
CVE-2024-27281
CVE-2024-27281 affects Ruby/RDoc: parsing .rdoc_options as YAML allows object injection and remote code execution due to unrestrained class restoration (and also if a crafted cache is loaded). Affected RDoc versions are 6.3.3–6.6.2; fixed in RDoc 6.6.3.1 (and vendor-specific bumps: Ruby 3.0 users...
CVE-2021-30663
CVE-2021-30663 relates to WebKit/WebKitGTK and involves an integer overflow when processing malicious web content, potentially allowing arbitrary code execution. Publicly documented fixes include upstream WebKitGTK and related WebKit components, with patches delivering non-exploit code paths, and...
CVE-2015-1427
CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...
CVE-2020-3952
CVE-2020-3952 affects VMware vCenter Server’s Directory Service (vmdir) when the Platform Services Controller does not enforce access controls, enabling a network-accessible attacker (port 389) to perform an authentication bypass and potentially gain control over the vCenter Directory. Public sou...
CVE-2013-1896
The CVE-2013-1896 issue affects the Apache HTTP Server: mod_dav.c fails to correctly determine if DAV is enabled for a URI, allowing a remote attacker to trigger a segfault via a MERGE request when the URI is handled by mod_dav_svn and the href in the XML data points to a non-DAV URI. This can le...
CVE-2003-1418
CVE-2003-1418 affects Apache HTTP Server 1.3.22–1.3.27 on OpenBSD. The root cause is information disclosure via (1) ETag headers that reveal inode numbers and (2) multipart MIME boundaries that reveal child process IDs (PIDs). Practical impact is partial information disclosure that can aid reconn...
CVE-2022-20701
CVE-2022-20701 discusses multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. Affected components include the SSL VPN module and the web-based management interface, with issues in image verification. Consequences stated across sources include remote code...
CVE-2021-21166
CVE-2021-21166 describes a data race in the audio component of Google Chrome (Chromium-based) prior to 89.0.4389.72, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. Affected product: Google Chrome (Chromium) before 89.0.4389.72; root cause: audi...
CVE-2019-1653
CVE-2019-1653 affects Cisco Small Business RV320/RV325 routers. The web-based management interface has improper access controls on URLs, enabling an unauthenticated remote attacker to retrieve sensitive information such as configuration and diagnostics. Multiple connected sources corroborate an i...
CVE-2021-21206
CVE-2021-21206 is a use-after-free in Blink (Chrome) leading to potential heap corruption via a crafted HTML page. Affected product: Google Chrome (Blink engine). Root cause: use-after-free in rendering engine prior to 89.0.4389.128. Impact per sources: high severity with network attack vector, u...
CVE-2020-6418
CVE-2020-6418 (Google Chrome / Chromium V8 type confusion) is a remote code-execution risk caused by a type confusion in V8 before version 80.0.3987.122, allowing heap corruption via a crafted HTML page. Public references confirm multiple advisories and fixes across distributions: Debian fixed in...
CVE-2019-8506
CVE-2019-8506 is a type-confusion memory issue that affects WebKit components and was fixed in multiple Apple platforms (iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes/Windows, iCloud for Windows 7.11) and WebKitGTK/WebKitGTK+ up to 2.28.x. The vulnerability can allow arbitrary code execut...
CVE-2023-52458
CVE-2023-52458 affects the Linux kernel block subsystem where partition length must be aligned to the disk’s logical block size. The issue arises before adding or resizing partitions when length isn’t checked for LBS alignment; if LBS > 512 bytes, the partition size may not be a multiple of LB...
CVE-2024-47081
CVE-2024-47081 affects the requests HTTP library (python-requests). Affected releases prior to 2.32.4 may leak .netrc credentials to third parties via maliciously crafted URLs due to a URL parsing issue. Remediation: upgrade to requests 2.32.4 or later. As a workaround for older versions, disable...
CVE-2024-12862
CVE-2024-12862 describes an Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows and Linux, allowing users without proper permissions to remove external collaborators. Affected versions: Content Server 20.2–24.4. CVSS v4.0 base score 5.5 (Medium). No public exp...
CVE-2021-46687
CVE-2021-46687 affects JFrog Artifactory: versions prior to 7.31.10 and prior to 6.23.38 are vulnerable to sensitive data exposure through the Project Administrator REST API. The underlying issue is exposed in the REST API and leads to leakage of sensitive data in affected releases. The provided...
CVE-2019-17026
CVE-2019-17026 describes a type-confusion vulnerability in the IonMonkey JIT used by Mozilla products. The issue stems from incorrect alias information when storing array elements, enabling a type confusion that could be exploited for arbitrary code execution. Affected products include Firefox ES...
CVE-2017-0147
CVE-2017-0147 affects the SMBv1 server in multiple Windows platforms, where remote attackers can obtain sensitive information from process memory via crafted SMB packets. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, ...
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2007-2768
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, can leak whether a target user exists by returning different responses if the account is configured for OTP. This is described for CVE-2007-2768 (OpenSSH 4.6 and earlier) and is related to CVE-2007-2243 in the IBM bulletin, whic...
CVE-2022-2068
The connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...
CVE-2019-11581
CVE-2019-11581 affects Jira Server and Data Center (ContactAdministrators and SendBulkMail actions). The vulnerability is a server-side template injection that enables remote code execution when user-supplied input is rendered as a Velocity template. Affected versions include Jira Server/Data Cen...
CVE-2018-0296
CVE-2018-0296 affects Cisco ASA and related FTD/FTD-based offerings, where improper input validation of HTTP URLs in the web interface allows unauthenticated remote access to trigger DoS (device reload) or, on some releases, expose sensitive information via directory traversal. Public referenc...
CVE-2023-52473
CVE-2023-52473 – Linux kernel (thermal/core): The vulnerability is a NULL pointer dereference in the thermal zone registration error path. Specifically, if device_register() in thermal_zone_device_register_with_trips() fails, code previously dereferenced a tz pointer. A NULL assignment to tz was ...
CVE-2021-46708
CVE-2021-46708 affects npm swagger-ui-dist before 4.1.3 for Node.js. The vulnerability enables a remote attacker to hijack the victim’s clicking action when the user visits a malicious site, potentially enabling further attacks against the victim. The connected IBM/IBM-related...
CVE-2021-22893
CVE-2021-22893 affects Pulse Connect Secure (PCS) 9.0R3/9.1R1 and later. The flaw is an authentication bypass exposed via the Windows File Share Browser and Pulse Secure Collaboration features, allowing an unauthenticated attacker to achieve remote code execution on the PCS gateway. Public source...
CVE-2016-4437
The CVE-2016-4437 issue affects Apache Shiro before 1.2.5 when no cipher key is configured for the rememberMe feature, enabling remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Public advisories describe an RCE condition with ...
CVE-2021-35394
Realtek Jungle SDK vulnerable versions are 2.x up to 3.4.14B. The CVE-2021-35394 issue involves the UDPServer/MP Daemon (management interface) suffering multiple memory corruption flaws and an arbitrary command injection, enabling remote unauthenticated code execution. Related connected documents...
CVE-2019-17563
Tomcat CVE-2019-17563: A race condition in FORM authentication allowed a session-fixation window in Tomcat 9.0.0.M1–9.0.29, 8.5.0–8.5.49, and 7.0.0–7.0.98. The issue is acknowledged as a vulnerability with practical exploitation not detailed in the provided docs. Affected products: Apache Tomcat....
CVE-2017-0146
CVE-2017-0146 is a Windows SMBv1 server remote code execution vulnerability. The description specifies that the SMBv1 server in affected Windows editions allows remote attackers to execute arbitrary code via crafted packets. Affected products include Windows Vista SP2; Windows Server 2008 SP2 and...
CVE-2023-22809
CVE-2023-22809 affects sudo prior to 1.9.12p2, where the sudoedit (-e) feature mishandles extra arguments passed via environment variables SUDO_EDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process, enabling privilege escalation. The ...
CVE-2021-35211
CVE-2021-35211 affects SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows prior to 15.2.3 HF2. The connected PoC exploit documents an out-of-bounds write path leading to remote code execution, with targets around Serv-U version 15.2.3 (examples cite 15.2.3.717). Exploitatio...
CVE-2012-0507
CVE-2012-0507 affects Oracle Java SE/JRE (7u2 and earlier, 6u30 and earlier, 5.0u33 and earlier). Root cause: AtomicReferenceArray may not enforce Object[] type, enabling type confusion. Impacts include potential sandbox breach and JVM crash; remote code execution is discussed in related advisori...
CVE-2024-38477
CVE-2024-38477 affects Apache HTTP Server 2.4.59 and earlier. The issue is a null pointer dereference in mod_proxy triggered by a malicious request, which can crash the server (Denial of Service). The published remediation is to upgrade to Apache HTTP Server 2.4.60, which fixes the issue. The CVE...
CVE-2020-1020
CVE-2020-1020 describes a remote code execution in Microsoft Windows via the Windows Adobe Font Manager Library when handling specially crafted Adobe Type 1 PostScript fonts. The flaw affects Windows versions other than Windows 10, with exploitation enabling code execution remotely after processi...
CVE-2020-10189
CVE-2020-10189 affects Zoho ManageEngine Desktop Central prior to build 10.0.474, enabling unauthenticated remote code execution via deserialization of untrusted data in FileStorage.getChartImage related to CewolfServlet/MDMLogUploaderServlet. Connected reports confirm real-world exploitation (e....
CVE-2012-1723
CVE-2012-1723 is described in Debian security advisory DSA-2507-1 as a set of OpenJDK/Java runtime vulnerabilities including validation errors in the HotSpot bytecode verifier that could allow sandbox bypass and remote code execution. The advisory lists CVE-2012-1723 among multiple related issues...
CVE-2024-7208
CVE-2024-7208 describes a vulnerability in multi-tenant hosting where an authenticated sender can spoof the identity of a shared hosting domain, bypassing DMARC, SPF, and DKIM protections. The root cause is inadequate verification of the sender against the domain identities allowed to send on beh...
CVE-2022-23176
CVE-2022-23176 affects WatchGuard Firebox and XTM appliances running Fireware OS. The vulnerability allows a remote attacker with unprivileged credentials to access the system with a privileged management session through exposed management access. Affected versions include Fireware OS before 12.7...
CVE-2022-21999
Technical details about CVE-2022-21999 are not publicly provided in the supplied connected documents. Based on the materials, we cannot specify affected software, root cause, or remediation. Monitor for updates from official advisories and vendor disclosures.
CVE-2019-16759
CVE-2019-16759 affects vBulletin 5.x up to 5.5.4. The vulnerability is a remote code execution flaw in the widget_php component triggered by the widgetConfig[code] parameter in an ajax/render/widget_php routestring request, enabling unauthenticated attackers to execute PHP code on affected server...
CVE-2021-38647
CVE-2021-38647 (OMIGOD) is an unauthenticated remote code execution vulnerability in Microsoft Open Management Infrastructure (OMI) commonly deployed on Azure Linux VMs. Exploitation is achieved by sending a crafted HTTP request without the Authorization header, enabling code execution with the O...
CVE-2021-30641
CVE-2021-30641 affects Apache HTTP Server 2.4.39–2.4.46 with unexpected matching behavior when MergeSlashes OFF. Connected sources indicate patched versions: Debian fixes in 2.4.38-based packages, AlmaLinux/RedHat advisories reference a fix in Apache 2.4.51 for supported Check Point versions, and...
CVE-2017-12240
CVE-2017-12240 affects Cisco IOS 12.2–15.6 and Cisco IOS XE DHCP relay subsystems. The issue is a buffer overflow in the DHCPv4 handling that allows unauthenticated, remote attackers to execute arbitrary code and possibly reload the device, causing a DoS. Impact is full control of the affected sy...
CVE-2018-18511
CVE-2018-18511: Cross-origin images can be read from a canvas element in violation of same-origin policy using transferFromImageBitmap. The issue affects Firefox versions before 65.0.1 (Firefox
CVE-2017-9822
DotNetNuke (DNN) cookie deserialization RCE (CVE-2017-9822) affects DNN before 9.1.1. The vulnerability arises from deserializing a crafted DNNPersonalization-like cookie, enabling remote code execution. Exploitation details and public proof points are documented in exploit references (e.g., Meta...
CVE-2022-25762
CVE-2022-25762 is a concrete vulnerability in Apache Tomcat affecting WebSocket handling. When a WebSocket message is sent concurrently with closing the connection on Tomcat 8.5.0–8.5.75 or 9.0.0.M1–9.0.20, the application may continue to use a socket after it has been closed. The described error...
CVE-2021-27104
CVE-2021-27104 (Accellion FTA) is an OS command execution vulnerability affecting Accellion File Transfer Appliance (FTA) versions 9_12_370 and earlier. It is exploitable via a crafted POST request to various admin endpoints, enabling an attacker to run OS commands on the device. The vulnerabilit...