CVE-2025-47273

CVE-2025-47273 affects setuptools by a path traversal in PackageIndex prior to 78.1.1, allowing writing files to arbitrary locations with the process’s permissions and potentially enabling remote code execution in context. Affected: setuptools package (Python ecosystem). The issue is fixed in ver...

CVE-2023-37920

CVE-2023-37920 affects the Python Certifi package: Certifi before 2023.07.22 includes the e-Tugra root certificates, which were removed in 2023.07.22 due to security concerns. The vulnerability is documented with high/critical impact in CVSS vectors across sources, and advisories across multiple ...

CVE-2022-24990

CVE-2022-24990 — TerraMaster NAS : TerraMaster OS (TOS) 4.2.29 and earlier allows unauthenticated remote attackers to leak the administrator password by sending a crafted request to api.php?mobile/webNasIPS and reading the PWD field in the response, enabling further compromise. Public references ...

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

CVE-2024-26585

CVE-2024-26585 — Linux kernel TLS race : The vulnerability arises from a race between scheduling crypto work and socket close in TLS handling. The submitter thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete; the fix reorders scheduling the work before complete()...

CVE-2024-27954

WordPress Automatic plugin

CVE-2022-23451

CVE-2022-23451 concerns openstack-barbican. The issue is an authorization flaw where default secret-metadata API policy allows any authenticated user to add/modify/delete metadata on any secret, compromising ownership and enabling denial of service by resource consumption. The impact is described...

CVE-2024-21338

CVE-2024-21338 is a Windows kernel local privilege escalation caused by an exposed IOCTL with insufficient access control in the appid.sys component. The vulnerability enables local attackers with LOW privileges and no user interaction to escalate to kernel to access high-privilege operations (CV...

CVE-2022-41723

CVE-2022-41723 describes a denial-of-service in the HPACK decoder triggered by a malicious HTTP/2 stream, causing excessive CPU use. Public documents list affected ecosystems across Go HTTP/2/x/net implementations and various distributions (e.g., Red Hat OpenStack platforms, Astra Linux, CBLMarin...

CVE-2020-25613

CVE-2020-25613 affects Ruby’s WEBrick HTTP server: transfer-encoding header handling was not sufficiently validated, potentially allowing HTTP Request Smuggling by an attacker bypassing a misconfigured reverse proxy. The issue is present in Ruby versions up to 2.5.8, 2.6.x up to 2.6.6, and 2.7.x ...

CVE-2018-17082

The CVE-2018-17082 entry covers a cross-site scripting vulnerability in the Apache2 module of PHP. Affected releases are PHP with Apache2 handler: PHP 5.6.38 and earlier in 5.6.x; 7.0.x before 7.0.32; 7.1.x before 7.1.22; and 7.2.x before 7.2.10. The root cause is mishandling of the bucket brigad...

CVE-2024-21887

CVE-2024-21887 is a command-injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure web components (9.x, 22.x) that allows an authenticated administrator to craft requests and execute arbitrary commands on the device. The issue affects web components and is tied to OS command-in...

CVE-2024-35085

CVE-2024-35085 affects J2EEFAST v2.7.0; a SQL injection exists in the findPage function of ProcessDefinitionMapper.xml due to insufficient input validation. Exploitation could allow an attacker to execute arbitrary SQL to access data, per multiple sources (CNVD/CNNVD, Red Hat, NVD). There is no c...

CVE-2023-0465

CVE-2023-0465 is an OpenSSL certificate policy handling flaw where non-default policy checks are bypassable, allowing invalid certificate policies to pass verification. Connected entries confirm broader impact on Brocade Fabric OS (all versions) and describe remediation: OpenSSL/OpenSSL-based pro...

CVE-2022-28464

CVE-2022-28464 affects Apifox up to version 2.1.6. The issue is a Cross Site Scripting (XSS) vulnerability that can lead to remote code execution. The connected documents consistently describe XSS as the root cause in Apifox’s web context, implying that attacker-controlled input may be processed ...

CVE-2019-10638

The CVE-2019-10638 entry concerns the Linux kernel IT: the IP ID values used for connectionless protocols (UDP/ICMP) in kernels prior to 5.1.7. The underlying issue is weak hashing of IP IDs, enabling an attacker to track a host across networks by correlating IDs and potentially obtain the hashin...

CVE-2025-22228

CVE-2025-22228 is reported in IBM Netcool Operations Insight. The issue arises from BCryptPasswordEncoder.matches(CharSequence,String) returning true for passwords longer than 72 characters if the first 72 characters are identical, enabling an authentication bypass under certain inputs. Affected ...

CVE-2022-24860

Databasir 1.01 contains a hard-coded cryptographic key vulnerability that lets an attacker generate login credentials for any user and access the backend service at different IP addresses. This is described across multiple sources (NVD description, Red Hat entry, CVE listings) as a use of hard-co...

CVE-2021-37712

CVE-2021-37712 affects the npm package node-tar (tar). The issue arises from insufficient symlink protection during extraction: a directory cache could be poisoned by a misrepresented path when a tar contains a directory and a symlink whose names Unicode-normalize to the same value, bypassing che...

CVE-2020-7059

CVE-2020-7059 concerns PHP’s fgetss() reading data with stripped tags, allowing a read past the allocated buffer in PHP versions affected: 7.2.x < 7.2.27, 7.3.x < 7.3.14, and 7.4.x

CVE-2019-5527

CVE-2019-5527 is a use-after-free in the virtual sound device affecting VMware ESXi, Workstation, Fusion, VMRC and Horizon Client. The issue allows a local attacker with low privileges on a guest to potentially execute code on the host, with impact on confidentiality, integrity and availability d...

CVE-2018-12126

CVE-2018-12126 is a microarchitectural side-channel vulnerability affecting Intel CPUs via uncacheable data in store buffers exposed to nearby processes. Public advisories (e.g., ALAS2-2019-1274, Linux kernel debugs in DSA/DLA notices) describe mitigations including microcode updates and OS-level...

CVE-2014-3583

CVE-2014-3583 affects Apache HTTP Server 2.4.10 and earlier, where the handle_headers function in mod_proxy_fcgi.c can be triggered by long response headers to cause a denial of service (buffer over-read and daemon crash). The vulnerability stems from the proxy/Fcgi header handling in mod_proxy_f...

CVE-2023-34417

CVE-2023-34417 concerns memory-safety bugs in Mozilla Firefox 113 that could allow arbitrary code execution. The impact is noted for Firefox < 114, with high-severity CVSS 9.8 in the NVD entry. Public sources in connected documents confirm the issues affect Firefox prior to 114 and that fixes ...

CVE-2021-27928

MariaDB and Percona Server are affected by CVE-2021-27928: an untrusted search path enables eval injection, allowing a database SUPER user to execute OS commands after altering wsrep_provider and wsrep_notify_cmd. Affected versions: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10...

CVE-2020-8622

CVE-2020-8622 pertains to ISC BIND and causes an assertion failure leading to a server exit when processing a truncated TSIG-signed response. The vulnerability can be triggered by an attacker on the network path or by exploiting a server receiving a TSIG-signed request, potentially harming availa...

CVE-2020-10188

CVE-2020-10188 affects the telnetd server of netkit telnet (up to 0.17). The issue is a buffer overflow caused by incorrect bounds checks in handling short writes and urgent data (netclear/nextitem), enabling remote arbitrary code execution by unauthenticated attackers. Connected advisories confi...

CVE-2025-26523

CVE-2025-26523 affects the RupeeWeb trading platform. The vulnerability arises from insufficient authorization controls on certain API endpoints that perform add and delete operations, enabling an authenticated remote attacker to modify information belonging to other user accounts. Documented imp...

CVE-2023-35674

The CVE-2023-35674 issue affects the Android Framework, specifically an onCreate path in WindowState.java that can launch a background activity due to a logic error. This enables local elevation of privilege without extra execution privileges and without user interaction. The Android Security Bul...

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

CVE-2019-12526

CVE-2019-12526 affects Squid prior to 4.9, where URN response handling can overflow the heap with attacker-controlled data when processing URN responses from a remote server. The connected advisories confirm that a fix is available in newer upstream versions (e.g., 4.10+ as reflected in ALT Linux...

CVE-2021-25369

CVE-2021-25369 is an information-leak vulnerability in the Samsung device stack, uncovered as part of a three-vulnerability exploit chain. The issue resides in an improper access control of the sec_log file, exposing kernel information to userspace prior to Samsung’s SMR MAR-2021 Release 1. The l...

CVE-2018-20783

CVE-2018-20783 affects PHP’s PHAR extension. A heap-based buffer over-read occurs in PHAR reading functions when parsing a .phar file name, allowing memory past the actual data to be read. Affected versions include PHP <5.6.39, 7.x <7.0.33, 7.1.x <7.1.25, and 7.2.x

CVE-2018-19322

The CVE-2018-19322 issue affects GIGABYTE APP Center and related components (GDrv; GPCIDrv; AORUS GRAPHICS ENGINE; XTREME GAMING ENGINE; OC GURU II) with IO port read/write access exposed by these low‑level drivers. The documented impact is local privilege elevation via arbitrary IO port operatio...

CVE-2009-3103

CVE-2009-3103 affects SMBv2 in srv2.sys on Windows Vista (Gold, SP1, SP2), Windows Server 2008 (Gold, SP2), and Windows 7 RC. Description and NSE/script references describe an out-of-bounds/array indexing issue in the SMB Negotiation protocol handling (ProcessID High header) that can allow remote...

CVE-2023-24537

CVE-2023-24537 affects the Go parser (go/parser) when processing Go source containing //line directives with very large line numbers, causing an infinite loop due to integer overflow. Documents confirm this vulnerability in golang/go and note that patched versions are available in affected distri...

CVE-2021-25337

CVE-2021-25337 is an Samsung-only vulnerability in the clipboard content provider (system_server) that allowed untrusted apps to read/write arbitrary files via improper access control before SMR Mar-2021 Release 1. The issue stems from missing access checks in the SemClipboardProvider.insert path...

CVE-2025-29926

CVE-2025-29926 affects XWiki Platform via the WikiManager REST API. In affected releases before fixes, any user could create a new wiki, potentially granting the user administrator privileges and enabling further farm-wide attacks. The REST API is not included in XWiki Standard by default and mus...

CVE-2024-12254

Summary (CVE-2024-12254): In Python 3.12.0+ the asyncio._SelectorSocketTransport.writelines() path may fail to pause and drain the write buffer at the high-water mark, causing unbounded memory buffering and potential exhaustion. Affected: Python 3.12.x with asyncio protocols using writelines(); r...

CVE-2023-36434

Technical details about CVE-2023-36434 are not provided in the connected documents. The materials mention the vulnerability in Windows IIS (Elevation of Privilege) but do not disclose affected products, root cause, exploit info, or fixes. Monitor for updates.

CVE-2022-26833

The CVE-2022-26833 issue affects Open Automation Software OAS Platform V16.00.0121. A vulnerability in the REST API allows unauthenticated use via a crafted sequence of HTTP requests, stemming from improper authentication. Consequences cited in the sources include unauthenticated access to the RE...

CVE-2022-25229

CVE-2022-25229 affects Popcorn Time 0.4.7. A Stored XSS vulnerability originates in the Settings page, in the Movies API Server(s) field, where lack of input validation allows injection of script. The issue is aggravated by nodeIntegration being turned on, which can permit the webpage to access N...

CVE-2018-20743

CVE-2018-20743 affects Mumble’s murmur component up to version 1.2.19 (pre-2018-08-31). The issue arises from mishandling multiple concurrent requests that are persisted in the database, enabling remote attackers to cause a denial of service (daemon hang or crash) via a message flood. Public repo...

CVE-2026-23744

CVE-2026-23744 affects MCPJam Inspector up to version 1.4.2. The Nuclei template and related sources describe a remote code execution (RCE) vulnerability exploitable via the /api/mcp/connect endpoint. The flaw arises from passing user-controlled input to shell execution, and the service is expose...

CVE-2023-41053

CVE-2023-41053 affects Redis 7.0+ where SORT_RO can bypass ACL checks, potentially exposing keys not authorized by the ACL. The root cause is improper key identification for SORT_RO, enabling access to non-permitted keys under existing ACLs. Documented impact is an ACL bypass with local access re...

CVE-2023-24540

CVE-2023-24540 targets improper handling of JavaScript whitespace in templates, with exploitation linked to Go’s html/template and related Go stdlib packages (and broader Go toolchain components). The initial entry shows a critical CVSS v3.1 score (9.8) with network access, no user interaction, a...

CVE-2022-23121

CVE-2022-23121 is a Netatalk remote code execution vulnerability (root context) caused by improper error handling in AppleDouble parsing in parse_entries. The issue is part of multiple Netatalk flaws (e.g., CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125) affecting 3.1.x releases; ...

CVE-2022-23063

CVE-2022-23063 affects Shopizer versions 2.3.0 to 3.0.1. The vulnerability is described as insufficient session expiration: when a password is changed by a user or an administrator, a user who is already logged in continues to have access to the application after the password change. The provided...

CVE-2022-24407

CVE-2022-24407 affects Cyrus SASL 2.1.17–2.1.27 (before 2.1.28); the SQL plugin (plugins/sql.c) fails to escape passwords in SQL INSERT/UPDATE, allowing a remote attacker to execute arbitrary SQL commands. This can enable privilege/escalation scenarios as described in vendor advisories. The mitig...