CVE-2023-28756

CVE-2023-28756 describes a ReDoS vulnerability in the Ruby Time parser up to version 3.2.1. The Time parser mishandles invalid URLs containing certain characters, causing increased execution time when parsing strings to Time objects. Affected product: Ruby Time component (through Ruby up to 3.2.1...

CVE-2022-0337

CVE-2022-0337 is an information-disclosure vulnerability in Chrome’s File System Access API (window.showSaveFilePicker) caused by an inappropriate implementation. It affects Google Chrome on Windows prior to 97.0.4692.71 (and related Chromium-based browsers). Connected documents confirm that a cr...

CVE-2022-28330

CVE-2022-28330 affects Apache HTTP Server 2.4.53 and earlier on Windows, describing an out-of-bounds read when processing requests with the mod_isapi module. Public references in ALAS advisories indicate the fix is included in httpd 2.4.54 (and related ALT Linux advisories). Mitigation requires u...

CVE-2017-11357

CVE-2017-11357 affects Progress Telerik UI for ASP.NET AJAX; RadAsyncUpload input is not properly restricted, enabling remote attackers to upload arbitrary files or trigger code execution. The vulnerability is described as an insecure direct object reference in RadAsyncUpload, with impact stated ...

CVE-2011-4723

CVE-2011-4723 affects the D-Link DIR-300 router. The vulnerability is information disclosure due to cleartext password storage in the device, enabling context-dependent attackers to obtain sensitive credentials. Root cause is lack of password hashing/storage of passwords in plaintext. Public sour...

CVE-2022-21196

CVE-2022-21196: Improper authorization in Airspan/Mimosa MMP stack allows access to multiple API routes, enabling remote code execution, denial of service, and information disclosure. Affected versions are MMP before 1.0.3, PTP C-series before 2.8.6.1, and PTMP C-series/A5x before 2.5.4.1. Techni...

CVE-2016-6662

CVE-2016-6662 affects MySQL-derived products (MySQL, MariaDB, Percona Server) across multiple branches, allowing local users to bypass protections by setting general_log_file to a my.cnf configuration. The underlying flaw enables arbitrary configuration by non-privileged users and can be leverage...

CVE-2010-1452

CVE-2010-1452 affects Apache HTTP Server 2.2.x (before 2.2.16) via the mod_cache and mod_dav components. A request that lacks a path can crash the server, causing a denial of service. Debian advisories and related vendor notes confirm the issue and describe fixes/upgrades to 2.2.16 (and subsequen...

CVE-2024-26589

CVE-2024-26589 pertains to a Linux kernel flaw in the BPF flow keys handling. For PTR_TO_FLOW_KEYS, check_flow_keys_access() used a fixed offset while the code allowed a variable offset ALU operation, enabling an out-of-bounds access when the program loaded flow_keys and added a variable offset. ...

CVE-2023-38148

Mode C: CVE-2023-38148 is described in connected sources as a Windows Internet Connection Sharing (ICS) Remote Code Execution vulnerability. It is reported that an unauthenticated attacker could exploit ICS by sending a specially crafted data packet to a vulnerable system to install malware. The ...

CVE-2017-5521

CVE-2017-5521 affects multiple NETGEAR router models (R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, R8000) and enables an authentication bypass that can disclose the admin password through crafted requests to the web management server. The root ...

CVE-2025-1734

CVE-2025-1734 affects PHP’s HTTP stream wrapper header parsing: headers missing a colon are treated as valid, potentially letting applications accept invalid headers. Affected branches include PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. Mitigations/u...

CVE-2023-28119

CVE-2023-28119 affects crewjam/saml (Go). Root cause: using flate.NewReader without input size limit allows unbounded decompression of HTTP request data, enabling a DoS by repeated requests that can crash the process. A fix is available in v0.4.13. Depending on the environment, exploitation is de...

CVE-2023-0594

Grafana CVE-2023-0594 is a stored XSS in the trace view visualization introduced on the 7.x line. The vulnerability arises because span attribute/resource values were not properly sanitized and can be rendered when expanded, enabling an attacker with Editor role to inject JavaScript into a trace ...

CVE-2022-26479

Poly EagleEye Director II (pre-2.2.2.1) contains an authentication bypass vulnerability where the existence of a certain file (creatable via an rsync backdoor) causes all API calls to run with admin privileges. Affected component/file path is unspecified in the initial documents; root cause is an...

CVE-2025-24399

CVE-2025-24399 affects the Jenkins OpenId Connect Authentication Plugin. The vulnerability arises because the plugin versions 4.452.v2849b_d3945fa_ and earlier (except 4.438.440.v3f5f201de5dc) treat usernames as case-insensitive, which on a Jenkins instance with a case-sensitive OpenID Connect pr...

CVE-2024-43765

CVE-2024-43765 is reported across multiple feeds as a local elevation-of-privilege on Android via a tapjacking/overlay attack that can grant access to a folder with user-initiated interaction. Exploitation requires user interaction and occurs in multiple locations; no device-specific proof or exp...

CVE-2024-46981

CVE-2024-46981 affects Redis where an authenticated user using a crafted Lua script can manipulate the Lua garbage collector, potentially leading to remote code execution. Affected Redis versions are fixed in 7.4.2, 7.2.7, and 6.2.17; advisories also note an added mitigation: restricting Lua exec...

CVE-2023-39331

The CVE-2023-39331 entry concerns Node.js 20 with the experimental permission model. The vulnerability stems from insufficient protection against path traversal when the application overwrites built-in utility functions with user-defined implementations, following a previously disclosed issue (CV...

CVE-2022-39253

Summary (facts grounded to provided docs): CVE-2022-39253 affects Git versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, exposing sensitive data via local clones where source and target are on the same volume. The vulnerability arises when cloning a repository l...

CVE-2022-20914

CVE-2022-20914 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The root cause is excessive verbosity in a REST API output, enabling an authenticated attacker (with ERS admin credentials) to retrieve sensitive information, including admin credentials for a...

CVE-2012-2336

CVE-2012-2336 is a PHP CGI (php-cgi) vulnerability in which query strings without = can cause resource exhaustion/DoS. It stems from an incomplete fix for CVE-2012-1823 (php_getopt/T handling). The issue was addressed in PHP with patches to versions 5.3.13 and 5.4.3 (and related RH/CentOS advisor...

CVE-2025-10630

Technical details about CVE-2025-10630 are not publicly available in the provided documents; monitor for updates.

CVE-2024-26602

CVE-2024-26602 affects the Linux kernel’s membarrier path. The fix targets the sys_membarrier interface by introducing a lock on the path to serialize accesses and prevent extremely high call frequency, which could otherwise cause global slowdowns. Affected component: sched/membarrier. Root cause...

CVE-2020-23064

JQuery vulnerability (CVE-2020-11023) : In jQuery versions >=1.0.3 and <3.5.0, passing HTML that contains elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) can execute untrusted code. This was fixed in jQuery 3.5.0. Impact: potential untrusted code exec...

CVE-2018-9401

CVE-2018-9401 describes a kernel memory access vulnerability in user space caused by an incorrect bounds check, enabling local privilege escalation without extra execution privileges and with no user interaction. Connected documents indicate this CVE is associated with Google Pixel/Nexus devices ...

CVE-2023-41993

CVE-2023-41993 is a WebKit code‑execution vulnerability affecting Apple platforms where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...

CVE-2023-27532

CVE-2023-27532 affects Veeam Backup & Replication, specifically the Cloud Connect component. The vulnerability allows an unauthenticated actor inside the backup network perimeter to obtain encrypted credentials stored in the configuration database, potentially leading to access to backup infrastr...

CVE-2021-23358

CVE-2021-23358 concerns the Underscore.js package. Multiple connected documents confirm the vulnerability affects versions up to 1.13.0-2 and earlier than 1.13.0-2 (e.g., 1.3.2 and 1.12.1 and prior), describing Arbitrary Code Injection via the template function when a variable property is passed ...

CVE-2011-2767

CVE-2011-2767 affects mod_perl 2.0 through 2.0.10. Root cause: there is no configuration option that permits Perl code for admin control of HTTP request processing without also letting unprivileged users run Perl in the Apache process context. Impact: attackers can execute arbitrary Perl code by ...

CVE-2017-15107

CVE-2017-15107 affects dnsmasq DNSSEC implementation prior to fix in later releases. Connected sources describe that wildcard synthesized NSEC records could be misinterpreted, causing incorrect validation of non-existence for hostnames that actually exist. The vulnerability is associated with dns...

CVE-2021-28960

CVE-2021-28960 affects Zoho ManageEngine Desktop Central prior to build 10.0.683. The vulnerability arises from improper handling of an input command in on-demand operations, enabling unauthenticated command injection. This could allow an attacker to execute arbitrary commands on the affected sys...

CVE-2019-11042

CVE-2019-11042 affects PHP’s EXIF extension when parsing EXIF data (exif_read_data) across PHP 7.1.x < 7.1.31, 7.2.x < 7.2.21, and 7.3.x

CVE-2022-28391

CVE-2022-28391 — BusyBox : Vulnerability allows remote code execution if netstat prints a DNS PTR record value to a VT terminal (or attacker can change terminal colors). Affected: BusyBox up to 1.35.0. Remediation: upgrade to patched BusyBox versions (e.g., 1.35.0-2 or newer like 1.36.1-3 as seen...

CVE-2024-3094

CVE-2024-3094 - Normal mode Affected: XZ Utils (xz-utils) upstream tarballs starting with 5.6.0; vulnerable in 5.6.0 and 5.6.1, per multiple advisories. Root cause: malicious code injected into build artifacts during the tarball preparation, with a prebuilt object file inserted into the liblzma b...

CVE-2023-33245

Minecraft is affected: versions 1.19 through 1.20 pre-releases before 7 (Java) are vulnerable via crafted world data containing a symlink, enabling arbitrary file overwrite and potentially code execution. Root cause: world data with symlink exposure. Exploitation status: no in-wild exploit detail...

CVE-2013-4286

CVE-2013-4286 affects Apache Tomcat: HTTP/AJP connectors may mishandle inconsistent headers, allowing remote request-smuggling via multiple Content-Length headers or Content-Length with Transfer-Encoding: chunked. Affected: Tomcat 6.x before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3. Ro...

CVE-2023-32067

The CVE-2023-32067 issue affects the c-ares asynchronous DNS resolver library. A malformed 0-byte UDP DNS payload can be forged and returned to a target resolver, causing the resolver to interpret the 0 length as a graceful shutdown and leading to Denial of Service. This vulnerability is document...

CVE-2020-13160

CVE-2020-13160 – AnyDesk GUI (Linux/FreeBSD) Affected: AnyDesk GUI on Linux and FreeBSD prior to version 5.5.3.Root cause: A format string vulnerability in the GUI/discovery path that can be triggered remotely.Impact: Remote code execution (RCE) with the privileges of the user running the AnyDesk...

CVE-2011-3389

CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...

CVE-2022-31628

CVE-2022-31628 affects PHP where the phar uncompressor can recursively uncompress quine gzip files, causing an infinite loop in affected builds. Public details show this affects PHP versions before 7.4.31, 8.0.24, and 8.1.11. The workaround/fix is to upgrade to the patched releases: PHP 7.4.31, 8...

CVE-2022-0235

CVE-2022-0235 affects the node-fetch package and is described as a vulnerability that could result in Exposure of Sensitive Information to an Unauthorized Actor. The connected document(s) confirm this CVE ID and provide contextual metrics (e.g., CVSS scores from NVD and related references), but d...

CVE-2020-29652

CVE-2020-29652 : A nil pointer dereference in the golang.org/x/crypto/ssh component (affected through v0.0.0-20201203163018-be400aefbc4c for Go) can allow remote attackers to cause a denial of service against SSH servers. The Initial Description confirms this vulnerability, and connected IBM/IBM ...

CVE-2016-7048

CVE-2016-7048 affects PostgreSQL: the interactive installer in PostgreSQL versions prior to 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 could allow remote attackers to execute arbitrary code by abusing HTTP to download software. The vulnerability arises during the installer’s download pha...

CVE-2011-1823

The CVE-2011-1823 entry concerns the vold volume manager daemon in Android (Android 3.0 and 2.x up to 2.3.4). The vulnerability arises from trusting PF_NETLINK messages, enabling a local attacker to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only ...

CVE-2024-5458

CVE-2024-5458 affects PHP:8.1.x before 8.1.29, 8.2.x before 8.2.20, and 8.3.x before 8.3.8. The issue is a code logic error in URL validation using FILTER_VALIDATE_URL in filtering functions (e.g., filter_var), where certain URL forms cause the username:password portion to be misclassified as val...

CVE-2023-43115

Ghostscript/GhostPDL (gdevijs.c) vulnerability (CVE-2023-43115) allows remote code execution via crafted PostScript documents after SAFER is activated, by switching to the IJS device or altering the IjsServer parameter. Affected are Ghostscript versions up to 10.01.2; the issue can be triggered w...

CVE-2022-25647

CVE-2022-25647 affects com.google.code.gson:gson before 2.8.9, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, potentially enabling DoS. Public advisories (e.g., Debian DSA-5227-1) confirm the flaw and recommend upgrading to 2.8.9 or new...

CVE-2021-38406

CVE-2021-38406 affects Delta Electronics DOPSoft 2 (versions ≤ 2.00.07). It is caused by improper validation of user-supplied data when parsing specific project files, leading to multiple out-of-bounds write instances and potential code execution in the attacker’s context. The issue is documented...

CVE-2000-1124

The CVE-2000-1124 entry describes a local privilege-escalation flaw in IBM AIX 4.3.x: a buffer overflow in the piobe command caused by long environmental variables. The affected component is the piobe command on IBM AIX 4.3.x; the underlying issue is a buffer overflow allowing local users to gain...