CVE search results, sorted by most viewed

366869 matches found

CVE-2025-29926
added 2025/03/19 5:40 p.m., 701 views

CVE-2025-29926 affects XWiki Platform via the WikiManager REST API. Before the fix, any user could create a new wiki, potentially gaining administrator privileges on it and enabling further farm-wide attacks. The REST API is not included in XWiki Standard by default and mus...

CVSS 9.8 | AI score 6.2 | EPSS 0.00532
Exploits 1 | References 3 | Affected software 1

CVE-2023-36434
added 2023/10/10 5:08 p.m., 701 views

Technical details about CVE-2023-36434 are not provided in the connected documents. The materials mention the vulnerability in Windows IIS (Elevation of Privilege) but do not disclose affected products, root cause, exploit info, or fixes. Monitor for updates.

CVSS 9.8 | AI score 9.4 | EPSS 0.02194
In the wild | Exploits 0 | References 1 | Affected software 12

CVE-2023-24540
added 2023/05/11 3:29 p.m., 701 views

CVE-2023-24540 concerns improper handling of JavaScript whitespace in templates, with exploitation linked to Go's html/template and related Go stdlib packages (and broader Go toolchain components). The initial entry shows a critical CVSS v3.1 score (9.8) with network access, no user interaction, a...

CVSS 9.8 | AI score 9.2 | EPSS 0.01548
Exploits 0 | References 5 | Affected software 1

CVE-2022-23121
added 2023/03/28 12:00 a.m., 701 views

CVE-2022-23121 is a Netatalk remote code execution vulnerability (root context) caused by improper error handling in AppleDouble parsing in parse_entries. The issue is part of multiple Netatalk flaws (e.g., CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125) affecting 3.1.x releases; ...

CVSS 9.8 | AI score 9.6 | EPSS 0.08525
Exploits 0 | References 7 | Affected software 1

CVE-2022-31262
added 2022/08/17 2:37 p.m., 701 views

CVE-2022-31262 affects GOG Galaxy 2.0.46, with local privilege escalation due to insufficient folder permissions in %ProgramData%\GOG.com that allow hijacking the GalaxyCommunication service executable and achieving code execution as SYSTEM. Connected sources corroborate vulnerable versions 2.0.4...

CVSS 7.8 | AI score 7.8 | EPSS 0.0048
Exploits 2 | References 4 | Affected software 1

CVE-2022-29556
added 2022/04/28 7:48 p.m., 701 views

CVE-2022-29556 affects the iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2. The vulnerability arises from the Azure IoT Hub integration, which exposes SSRF primitives that can be used to execute cross-tenant actions via internal API endpoints. This leads to potentia...

CVSS 9.8 | AI score 9.4 | EPSS 0.00958
Exploits 0 | References 2 | Affected software 1

CVE-2022-24407
added 2022/02/23 12:00 a.m., 701 views

CVE-2022-24407 affects Cyrus SASL 2.1.17 through 2.1.27 (before 2.1.28); the SQL plugin (plugins/sql.c) fails to escape passwords in SQL INSERT/UPDATE statements, allowing a remote attacker to execute arbitrary SQL commands. This can enable privilege escalation scenarios as described in vendor advisories. The mitig...

CVSS 8.8 | AI score 9.1 | EPSS 0.04123
Exploits 0 | References 10 | Affected software 1

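The unescaped INSERT/UPDATE pattern behind CVE-2022-24407, reproduced as an added example (not Cyrus SASL's code) against an in-memory SQLite table, beside the parameterized form. The real sql auxprop plugin talks to the configured backend (MySQL, PostgreSQL, SQLite) and the 2.1.28 fix escapes through that backend; sqlite3, the users table and the payload are constructed here so it runs offline.

```python
import sqlite3

# Added example, not Cyrus SASL's code. Table, users and payload are constructed.
SCHEMA = "CREATE TABLE users (userid TEXT PRIMARY KEY, password TEXT)"
# Attacker-supplied "password": closes the literal, appends a second UPDATE and
# comments out the tail of the original statement.
PAYLOAD = "x'; UPDATE users SET password = 'pwned' WHERE userid = 'admin'; --"


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-secret"), ("admin", "admin-secret")])
    conn.commit()
    return conn


def password_of(conn, userid):
    row = conn.execute("SELECT password FROM users WHERE userid = ?", (userid,)).fetchone()
    return row[0]


def vulnerable_set_password(conn, userid, password):
    """The flawed pattern: the password is spliced into the UPDATE text without
    escaping, so a quote in it ends the literal and the rest is parsed as SQL."""
    sql = f"UPDATE users SET password = '{password}' WHERE userid = '{userid}'"
    conn.executescript(sql)  # runs every statement the string now contains
    return sql


def safe_set_password(conn, userid, password):
    """Hardened form: bound parameters, so the password stays data."""
    conn.execute("UPDATE users SET password = ? WHERE userid = ?", (password, userid))
    conn.commit()


def demo_vulnerable():
    """alice's 'password' rewrites admin's credential; returns what admin now has."""
    conn = fresh_db()
    vulnerable_set_password(conn, "alice", PAYLOAD)
    return password_of(conn, "admin")  # 'pwned'


def demo_safe():
    """Same payload, parameterized: admin untouched, alice's password is the raw string."""
    conn = fresh_db()
    safe_set_password(conn, "alice", PAYLOAD)
    return password_of(conn, "admin"), password_of(conn, "alice")
```

The first injected statement in the vulnerable path also overwrites every other user's password with `x`, which is the kind of collateral damage a password-change primitive turns into a service-wide takeover.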
CVE-2015-3152
added 2016/05/16 10:00 a.m., 701 views

CVE-2015-3152 affects MySQL client libraries, where the --ssl flag is treated as optional rather than required, allowing a man-in-the-middle to strip SSL/TLS, downgrade the connection to cleartext and spoof the server. Affected products/versions include Oracle MySQL prior to 5.7.3, Oracle MySQL Connector/C (libmysqlclient) prior to 6.1.3, and MariaDB...

CVSS 5.9 | AI score 5.6 | EPSS 0.07083
Exploits 1 | References 17 | Affected software 2

CVE-2025-59775
added 2025/12/05 10:17 a.m., 700 views

CVE-2025-59775: SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes is On and MergeSlashes is Off, which can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause, as described in multiple security bulletins: SSRF through UNC path handling that triggers NTLM authentication to the attacker's host. Remediation: upgr...

CVSS 7.5 | AI score 6.5 | EPSS 0.00771
Exploits 0 | References 2 | Affected software 1

CVE-2023-41053
added 2023/09/06 8:22 p.m., 700 views

CVE-2023-41053 affects Redis 7.0+ where SORT_RO can bypass ACL checks, potentially exposing keys not authorized by the ACL. The root cause is improper key identification for SORT_RO, enabling access to non-permitted keys under existing ACLs. Documented impact is an ACL bypass with local access re...

CVSS 3.3 | AI score 4.1 | EPSS 0.0034
Exploits 0 | References 5 | Affected software 1

CVE-2022-25366
added 2022/02/19 2:26 a.m., 700 views

CVE-2022-25366 affects Cryptomator v1.6.5 and earlier. The root cause is a dylib injection path: despite the Hardened Runtime flag, the app holds the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements, enabling an att...

CVSS 7.8 | AI score 7.7 | EPSS 0.00547
Exploits 0 | References 2 | Affected software 1

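The check a practitioner would run for the entitlement pair named above, as an added example that is not Cryptomator's code: parse an app's entitlements plist and flag the combination that re-enables DYLD_INSERT_LIBRARIES under a Hardened Runtime. The two plists are constructed here, shaped like what `codesign -d --entitlements - --xml <app>` prints on current macOS (an assumption about the exact flags; older releases use `--entitlements :-`).

```python
import plistlib

# Added example, not Cryptomator's code. The entitlement pair from the advisory:
# the first lets the process load libraries that fail library validation, the
# second makes dyld honour DYLD_* variables such as DYLD_INSERT_LIBRARIES.
INJECTION_PAIR = {
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}

# Constructed entitlements of a hardened-runtime app that still allows injection.
VULNERABLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <false/>
</dict>
</plist>
"""

# Constructed entitlements after hardening: validation on, no dyld env override.
HARDENED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <false/>
    <key>com.apple.security.app-sandbox</key>
    <false/>
</dict>
</plist>
"""


def risky_entitlements(plist_bytes):
    """Injection-related entitlements that are explicitly set to true."""
    ents = plistlib.loads(plist_bytes)
    return sorted(k for k in INJECTION_PAIR if ents.get(k) is True)


def dylib_injection_possible(plist_bytes):
    """Both present together: an unvalidated library can be inserted via dyld."""
    return set(risky_entitlements(plist_bytes)) == INJECTION_PAIR


def report(plist_bytes):
    """Human-readable verdict for one entitlements blob."""
    found = risky_entitlements(plist_bytes)
    if dylib_injection_possible(plist_bytes):
        return "INJECTABLE: " + ", ".join(found)
    return "ok" if not found else "partial: " + ", ".join(found)
```

Either entitlement alone is a weaker finding (the report marks it "partial"); it is the pair that turns a signed, hardened binary into a host for arbitrary code running with its TCC grants.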
CVE-2023-36803
added 2023/09/12 4:58 p.m., 698 views

CVE-2023-36803 is a Windows kernel vulnerability linked to the VRegDriver/registry callback path, enabling information disclosure via registry virtualization and differencing hive mechanisms. The connected material describes it as one of several registry callback issues in the VRegDriver stack, ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00999
Exploits 0 | References 2 | Affected software 9

CVE-2020-10745
added 2020/07/07 1:33 p.m., 698 views

CVE-2020-10745 affects Samba (notably AD DC) and is caused by abuse of compression in replies to NetBIOS over TCP/IP name resolution and DNS packets, leading to excessive CPU usage and a denial of service. The vulnerability impacts Samba versions prior to 4.10.17, 4.11.11, and 4.12.4. Remediation...

CVSS 7.8 | AI score 7.1 | EPSS 0.03874
Exploits 0 | References 8 | Affected software 1

CVE-2023-28841
added 2023/04/04 9:12 p.m., 697 views

CVE-2023-28841 describes a vulnerability in Moby/Docker Swarm encrypted overlay networks where, on affected platforms, traffic on an encrypted overlay can silently be transmitted unencrypted because the IPsec/VXLAN enforcement relies on iptables rules (using the xt_u32 module and VNI filtering). This can allo...

CVSS 6.8 | AI score 7.4 | EPSS 0.00696
Exploits 1 | References 11 | Affected software 1

CVE-2021-20325
added 2022/02/18 5:50 p.m., 697 views

CVE-2021-20325 documents a Red Hat-specific security regression for Apache HTTP Server in Red Hat Enterprise Linux 8.5.0. The issue arises from missing fixes for CVE-2021-40438 and CVE-2021-26691 in the 8.5.0 httpd packages, making new 8.5.0 installations susceptible to those CVEs (while upstream...

CVSS 10 | AI score 9.4 | EPSS 0.01569
Exploits 0 | References 1 | Affected software 1

CVE-2025-6965
added 2025/07/15 1:44 p.m., 696 views

CVE-2025-6965 affects SQLite prior to 3.50.2, where the number of aggregate terms could exceed the number of available columns, causing memory corruption. The description in the initial document notes upgrading to 3.50.2 or newer as the recommended fix. Connected documents corroborate the vulnerability...

CVSS 7.7 | AI score 6.6 | EPSS 0.73495
Exploits 3 | References 9 | Affected software 1

CVE-2023-4408
added 2024/02/13 2:04 p.m., 696 views

CVE-2023-4408 is a vulnerability in the DNS message parsing of BIND's named, where the parsing path has an overly high computational complexity. A crafted large or malformed DNS message can cause high CPU usage on affected BIND 9 releases, potentially impacting both authoritative servers...

CVSS 7.5 | AI score 7.5 | EPSS 0.01327
Exploits 0 | References 7 | Affected software 1

CVE-2024-31621
added 2024/04/29 12:00 a.m., 695 views

CVE-2024-31621 affects Flowise v1.6.2 and earlier; multiple sources describe it as an authentication bypass of the /api/v1 API (some reports cite Flowise 1.6.6 and 1.8.1+ as affected instead). Where exploitation details are published, they describe remote code execution via /api/v1; otherwise, exploitation specifics are ...

CVSS 7.6 | AI score 7.7 | EPSS 0.59867
Exploits 4 | References 2 | Affected software 1

CVE-2022-45179
added 2024/02/21 12:00 a.m., 695 views

LIVEBOX Collaboration vDesk (through v031) has an XSS vulnerability in the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter, and in /dashboard/reminders. A remote authenticated user can inject arbitrary HTML into the reminder title, potentially corrupting the pag...

CVSS 5.4 | AI score 5.4 | EPSS 0.00397
Exploits 0 | References 1 | Affected software 1

CVE-2022-45169
added 2024/02/21 12:00 a.m., 695 views

CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It is an open redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification by sending another user a push notification that can include an invisible clickable link. Reported metr...

CVSS 5.9 | AI score 5.4 | EPSS 0.00265
Exploits 0 | References 1 | Affected software 1

CVE-2022-25235
added 2022/02/16 12:40 a.m., 695 views

CVE-2022-25235: in Expat (libexpat) before 2.4.5, xmltok_impl.c lacks sufficient validation of encoding (e.g., UTF-8 validity in certain contexts). The publicly documented impact is critical: the CVSS 3.1 vector has a network attack vector, requires no privileges or user interaction, and has high confidentiality, integrity and availability impact, for a base score of 9.8. The c...

CVSS 9.8 | AI score 9.6 | EPSS 0.04915
Exploits 0 | References 10 | Affected software 1

CVE-2019-2740
added 2019/07/23 10:31 p.m., 695 views

CVE-2019-2740 affects the MySQL Server component (Server: XML) of Oracle MySQL. Affected versions include 5.6.44 and prior, 5.7.26 and prior, and 8.0.16 and prior. The issue allows a low-privileged, network-accessible attacker using multiple protocols to cause a hang or a repeatable crash (DoS). Sev...

CVSS 6.5 | AI score 6.3 | EPSS 0.03972
Exploits 0 | References 14 | Affected software 1

CVE-2025-26410
added 2025/02/11 9:20 a.m., 694 views

Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...

CVSS 9.8 | AI score 9.6 | EPSS 0.00663
Exploits 1 | References 3

CVE-2021-31618
added 2021/06/15 12:00 a.m., 694 views

CVE-2021-31618 affects the Apache httpd mod_http2 component. The issue is a NULL pointer dereference in the HTTP/2 header handling when size limits are violated, leading to denial of service by crashing the httpd worker process. Affected releases include mod_http2 1.15.17 and Apache httpd 2.4.47 ...

CVSS 7.5 | AI score 7.7 | EPSS 0.51208
In the wild | Exploits 0 | References 13 | Affected software 1

CVE-2019-5482
added 2019/09/16 6:06 p.m., 694 views

CVE-2019-5482 is a heap buffer overflow in curl/libcurl's TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger the overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

CVSS 9.8 | AI score 9.7 | EPSS 0.17939
Exploits 0 | References 14 | Affected software 1

CVE-2024-20903
added 2024/02/17 1:49 a.m., 693 views

CVE-2024-20903 affects the Oracle Database Server Java VM component. Affected versions are 19.3 through 19.21 and 21.3 through 21.12. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net to compromise the Java VM, potentially leading...

CVSS 6.5 | AI score 6.6 | EPSS 0.00416
Exploits 0 | References 1 | Affected software 1

CVE-2023-36805
added 2023/09/12 4:58 p.m., 693 views

Technical details for CVE-2023-36805 are not publicly provided in the supplied documents. Monitor for updates from official advisories.

CVSS 7 | AI score 7.6 | EPSS 0.02252
Exploits 0 | References 1 | Affected software 11

CVE-2021-46941
added 2024/02/27 6:40 p.m., 692 views

CVE-2021-46941 concerns the Linux kernel's USB dwc3 core. The description states the issue arises in the controller's DRD mode-switch sequence: the core soft reset (GCTL.CoreSoftReset) and the device soft reset (DCTL.CSftRst) were not issued before switching between host and device modes, which caused lockups on HiKey960 and simila...

CVSS 5.5 | AI score 6 | EPSS 0.00225
Exploits 0 | References 4 | Affected software 1

CVE-2022-45177
added 2024/02/21 12:00 a.m., 692 views

LIVEBOX Collaboration vDesk (through v031) is affected by an Observable Response Discrepancy on /api/v1/vdeskintegration/user/isenableuser, /api/v1/sharedsearch?search={NAME]+{SURNAME], and /login, where the web app reveals internal state information to unauthori...

CVSS 7.5 | AI score 7.3 | EPSS 0.00539
Exploits 0 | References 1 | Affected software 1

CVE-2020-2551
added 2020/01/15 4:34 p.m., 692 views

CVE-2020-2551 affects Oracle WebLogic Server (WLS Core Components) on versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. The issue is a deserialization vulnerability in the IIOP protocol that allows an unauthenticated, network-remote attacker to take over the WebLogic Server. The CVSS 3....

CVSS 9.8 | AI score 9.4 | EPSS 0.93168
In the wild | Exploits 18 | References 2 | Affected software 1

CVE-2023-38147
added 2023/09/12 4:58 p.m., 691 views

Technical details about CVE-2023-38147 are not publicly provided in the supplied documents. Monitor for updates from the sources listed (NVD, CVE List, OpenVAS entries, and Microsoft KB).

CVSS 8.8 | AI score 8.8 | EPSS 0.01009
Exploits 0 | References 1 | Affected software 10

CVE-2021-44026
added 2021/11/19 3:47 a.m., 691 views

CVE-2021-44026 concerns Roundcube Webmail, where versions prior to 1.3.17 and 1.4.x prior to 1.4.12 are vulnerable to SQL injection via search or search_params. The issue is documented in multiple advisories and CVE trackers, with Debian and Fedora indicating fixes in 1.2.3+dfsg.1-4+deb9u9 / 1.4....

CVSS 9.8 | AI score 9.6 | EPSS 0.42908
In the wild | Exploits 1 | References 8 | Affected software 1

CVE-2022-26809
added 2022/04/15 7:04 p.m., 690 views

CVE-2022-26809 is a Windows RPC Runtime remote code execution vulnerability. Public material in the connected documents indicates an unauthenticated remote attacker can trigger code execution by sending a crafted RPC call, with the real vulnerability located in OSF_CASSOCIATION::ProcessBindAckOrN...

CVSS 10 | AI score 9.6 | EPSS 0.91811
Exploits 14 | References 1 | Affected software 10

CVE-2021-22570
added 2022/01/26 12:00 a.m., 690 views

CVE-2021-22570 affects Protocol Buffers (protobuf). A null character in a proto symbol is parsed incorrectly, causing a null pointer dereference via an unchecked access to the proto file name during error message generation. The issue can enable denial of service or memory access instability as d...

CVSS 6.5 | AI score 6.5 | EPSS 0.0266
Exploits 0 | References 11 | Affected software 1

CVE-2019-16168
added 2019/09/09 4:07 p.m., 690 views

CVE-2019-16168 affects SQLite up to version 3.29.0: whereLoopAddBtreeIndex in sqlite3.c may crash a browser or application because the sz value in sqlite_stat1 is not validated, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...

CVSS 6.5 | AI score 7 | EPSS 0.04253
Exploits 0 | References 17 | Affected software 1

CVE-2022-24406
added 2022/07/27 1:40 p.m., 689 views

OX App Suite (Open-Xchange) up to version 7.10.6 is affected by an SSRF flaw where predictable multipart/form-data boundaries allow an attacker to inject into internal Documentconverter API calls. This can enable manipulation of internal API parameters and potentially compromise internal componen...

CVSS 6.5 | AI score 6.6 | EPSS 0.00826
Exploits 1 | References 2 | Affected software 1

CVE-2022-31018
added 2022/06/02 4:45 p.m., 689 views

CVE-2022-31018 affects the Play Framework forms library (versions 2.8.3 through 2.8.15) for Java/Scala. The vulnerability is triggered when binding deeply nested JSON via Form.bindFromRequest or Form.bind on a JSON value, which may exhaust heap memory and crash the app (OutOfMemoryError) if run on the defaul...

CVSS 7.5 | AI score 7.5 | EPSS 0.01573
Exploits 0 | References 3 | Affected software 1

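The defence a form binder needs against the deeply nested JSON described above, as an added example that is not Play's code: a single cheap scan of the raw text bounds the nesting before any recursive parser or object graph is built, so a multi-megabyte `[[[[...` is rejected without allocating for it. The depth limit and the sample payloads are constructed here (assumptions); in Python the unbounded path fails with a RecursionError rather than an OutOfMemoryError, but the rejection point is the same.

```python
import json

# Added example, not Play's code. Limit and inputs are constructed (assumptions).
MAX_DEPTH = 64


def nesting_depth(text, limit=None):
    """Maximum bracket depth of `text`, ignoring brackets inside string literals.
    With `limit` set it returns as soon as the limit is exceeded, so an attacker
    payload is refused without being read to the end."""
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                max_depth = depth
                if limit is not None and max_depth > limit:
                    return max_depth
        elif ch in "]}":
            depth -= 1
    return max_depth


def accepts(text, limit=MAX_DEPTH):
    """True when the document's nesting is within `limit`."""
    return nesting_depth(text, limit) <= limit


def parse_bounded(text, limit=MAX_DEPTH):
    """Reject over-deep input up front; only then pay for a real parse."""
    if not accepts(text, limit):
        raise ValueError(f"JSON nesting exceeds {limit} levels")
    return json.loads(text)


# Constructed inputs: an ordinary form payload and a deeply nested attack payload.
NORMAL = '{"user": {"name": "alice", "roles": ["admin", {"scope": "org"}]}}'
DEEP = "[" * 100_000 + "]" * 100_000
```

The same pre-scan belongs in front of any binder that maps JSON onto nested objects; a byte-size limit alone does not help, because a few hundred kilobytes of brackets is enough to build a graph that dwarfs the input.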
CVE-2022-24437
added 2022/05/01 3:20 p.m., 689 views

CVE-2022-24437 affects git-pull-or-clone prior to 2.0.2. The outpath argument is passed to the (otherwise safe) spawn() call as a bare command-line argument, so a value that looks like a git option is parsed as one; through git clone's --upload-pack option, which names a program for git to run, this enables arbitrary command injectio...

CVSS 9.8 | AI score 10 | EPSS 0.03865
Exploits 1 | References 3 | Affected software 1

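Argument injection through spawn(), as an added example that is not git-pull-or-clone's code: a getopt-style split of git's argv shows why an attacker-controlled path starting with `--upload-pack=` becomes an option in the vulnerable argv, and how the `--` sentinel (plus an explicit leading-dash check) keeps it positional. Nothing is executed; the URL, payload and the simplified option parser are constructed here (assumptions), and git itself is not run.

```python
# Added example, not git-pull-or-clone's code. Models git's option/positional
# split so the effect of a hostile outpath is visible without running git.

# Constructed payload: an output "path" that git reads as --upload-pack, the
# program git runs to talk to the remote. Shell quoting never comes into it.
PAYLOAD = "--upload-pack=touch /tmp/pwned"
URL = "https://example.invalid/repo.git"  # constructed, not a real remote


def vulnerable_clone_argv(url, outpath):
    """Flawed pattern from the advisory: the caller-controlled output path is
    appended as a bare argument. spawn() is safe against shell metacharacters,
    but git still parses any argument beginning with '-' as an option."""
    return ["git", "clone", url, outpath]


def hardened_clone_argv(url, outpath):
    """'--' tells git that every following argument is positional. Refusing a
    leading '-' as well keeps an odd path from silently becoming an option."""
    if outpath.startswith("-"):
        raise ValueError(f"refusing option-like output path: {outpath!r}")
    return ["git", "clone", "--", url, outpath]


def split_git_args(argv):
    """getopt-style split of the arguments after the subcommand: anything
    starting with '-' before the first '--' is an option, the rest positional."""
    options, positionals = [], []
    after_dashdash = False
    for arg in argv[2:]:  # skip 'git' and the subcommand
        if after_dashdash:
            positionals.append(arg)
        elif arg == "--":
            after_dashdash = True
        elif arg.startswith("-"):
            options.append(arg)
        else:
            positionals.append(arg)
    return options, positionals


def demo_vulnerable():
    """Returns the options git would see: the 'path' has become --upload-pack."""
    options, _ = split_git_args(vulnerable_clone_argv(URL, PAYLOAD))
    return options


def demo_hardened():
    """Returns 'rejected' because the hardened builder refuses the payload."""
    try:
        hardened_clone_argv(URL, PAYLOAD)
    except ValueError:
        return "rejected"
    return "accepted"
```

Even without the leading-dash check, `split_git_args(["git", "clone", "--", URL, PAYLOAD])` files the payload under positionals, which is the fix the sentinel alone provides; the explicit check is there so a rejected value is logged rather than quietly creating a directory named `--upload-pack=...`.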
CVE-2017-7921
added 2017/05/06 12:00 a.m., 689 views

CVE-2017-7921 concerns Hikvision IP cameras (multiple series listed in the CVE description) that expose an improper authentication flaw. The weakness allows an unauthenticated user to escalate privileges and access sensitive information, potentially including camera configuration, credentials, an...

CVSS 9.8 | AI score 9.6 | EPSS 0.99998
In the wild | Exploits 11 | References 8 | Affected software 56

CVE-2014-8361
added 2015/05/01 12:00 a.m., 689 views

CVE-2014-8361 affects the Realtek SDK's miniigd UPnP SOAP service. The root cause is improper input validation in the NewInternalClient handling, enabling a remote attacker to execute arbitrary code. The description notes exploitation in the wild through 2023. Related sources indicate this vulnerabil...

CVSS 10 | AI score 8.1 | EPSS 0.99975
In the wild | Exploits 6 | References 10 | Affected software 1

CVE-2025-26408
added 2025/02/11 9:14 a.m., 688 views

CVE-2025-26408 affects Wattsense Bridge devices, where the JTAG interface is unprotected and accessible with physical access to the PCB, granting full device access (extract/modify firmware) across all known versions. The root cause per SEC Consult/PacketStorm analysis is an unprotected JTAG interface ...

CVSS 6.1 | AI score 6.2 | EPSS 0.00276
Exploits 1 | References 3

CVE-2022-24827
added 2022/04/11 8:13 p.m., 688 views

CVE-2022-24827 is a SQL injection vulnerability in Elide (Java) affecting analytic queries that use parameterized columns of type TEXT in the Elide Aggregation Data Store. The issue stems from TEXT parameter handling in which the value can be interpreted as a SQL comment (--) after a patch in 6.1.2, allowing bypass ...

CVSS 8.1 | AI score 8.3 | EPSS 0.01335
Exploits 0 | References 3 | Affected software 1

CVE-2012-5451
added 2015/04/24 2:00 p.m., 688 views

TVMOBiLi Media Server (HttpUtils.dll) contains a buffer-overflow DoS vulnerability (CVE-2012-5451) exploitable via long GET/HEAD requests to port 30888, affecting TVMOBiLi before version 2.1.0.3974. Public sources attribute the issue to improper handling of URI length, leading to a stack-based over...

CVSS 5 | AI score 6.7 | EPSS 0.03988
Exploits 4 | References 3 | Affected software 1

CVE-2025-68388
added 2025/12/18 9:33 p.m., 687 views

CVE-2025-68388 affects Packetbeat (Elastic Beats). The issue is described as excessive memory and CPU allocation caused by the processing of malicious IPv4 fragments, exploitable by an unauthenticated remote attacker over the network, leading to degraded Packetbeat performance. ...

CVSS 5.3 | AI score 6.6 | EPSS 0.00309
Exploits 0 | References 1 | Affected software 1

CVE-2022-29165
added 2022/05/20 2:15 p.m., 687 views

CVE-2022-29165 affects Argo CD (GitOps tool for Kubernetes). Vulnerable in versions starting at 1.4.0 and prior to 2.1.15, 2.2.9, and 2.3.4. If anonymous access is enabled, unauthenticated attackers can impersonate any Argo CD user or role (including the built-in admin) by sending a crafted JWT, pote...

CVSS 10 | AI score 9.7 | EPSS 0.01857
Exploits 0 | References 4 | Affected software 1

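The impersonation pattern behind "anonymous access enabled plus a crafted JWT", as an added example that is not Argo CD's code: a verifier that decodes the claims of a token whose signature fails and, because anonymous access is on, lets the request continue with those unverified claims, beside the hardened form that downgrades a failed token to the anonymous identity and never uses its claims. The HS256 signing key, user names and the "anonymous" identity string are constructed here (assumptions); the real server's token format and RBAC are not modelled.

```python
import base64
import hashlib
import hmac
import json

# Added example, not Argo CD's code. Key and identities are constructed.
SERVER_KEY = b"constructed-server-signing-key"


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims, key):
    """HS256 JWT. With SERVER_KEY it is genuine; with any other key it is a
    forgery whose 'sub' the attacker chose."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def _verify(token):
    """Returns (signature_ok, claims). Claims are decoded either way; whether
    a caller may act on them is the difference between the two functions below."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SERVER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    ok = hmac.compare_digest(expected, _b64url_decode(sig))
    return ok, json.loads(_b64url_decode(payload))


def vulnerable_subject(token, anonymous_enabled):
    """Flawed pattern: a failed signature only rejects when anonymous access is
    off; with it on, the request proceeds and the subject is still read from
    the unverified claims, so the sender picks who they are."""
    ok, claims = _verify(token)
    if not ok and not anonymous_enabled:
        return None
    return claims.get("sub")


def safe_subject(token, anonymous_enabled):
    """Hardened: claims of a token that fails verification are never used. The
    request is either rejected or continues only as the anonymous identity."""
    ok, claims = _verify(token)
    if ok:
        return claims.get("sub")
    return "anonymous" if anonymous_enabled else None


def demo():
    forged = mint_jwt({"sub": "admin"}, key=b"attacker-chosen-key")
    genuine = mint_jwt({"sub": "alice"}, key=SERVER_KEY)
    return {
        "vulnerable_forged": vulnerable_subject(forged, anonymous_enabled=True),
        "vulnerable_forged_no_anon": vulnerable_subject(forged, anonymous_enabled=False),
        "safe_forged": safe_subject(forged, anonymous_enabled=True),
        "safe_forged_no_anon": safe_subject(forged, anonymous_enabled=False),
        "safe_genuine": safe_subject(genuine, anonymous_enabled=True),
    }
```

The point to check in any code base: every path that tolerates an invalid token for the sake of guest access must replace the token's identity, not merely skip the rejection.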
CVE-2020-10711
added 2020/05/22 2:09 p.m., 687 views

CVE-2020-10711 concerns a NULL pointer dereference in the Linux kernel's SELinux subsystem during CIPSO category bitmap import. Kernel versions before 5.7 are affected: when processing the CIPSO restricted bitmap tag, cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...

CVSS 5.9 | AI score 6.5 | EPSS 0.03097
Exploits 0 | References 13 | Affected software 1

CVE-2018-20676
added 2019/01/09 5:00 a.m., 687 views

CVE-2018-20676 affects Bootstrap 3.x before 3.4.0, where XSS is possible via the tooltip data-viewport attribute due to unsafe handling of input. Affected component: tooltip data-viewport. Stated impact: cross-site scripting with potential partial integrity impact; no exploitation details provided...

CVSS 6.1 | AI score 6 | EPSS 0.03835
Exploits 0 | References 13 | Affected software 1

CVE-2013-4322
added 2014/02/26 11:00 a.m., 687 views

CVE-2013-4322 affects Apache Tomcat on multiple branches and is caused by improper handling of chunked transfer encoding trailing headers/extensions, allowing remote DoS by streaming data. It affects Tomcat 6.x before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10, and stems from an incomplete pr...

CVSS 4.3 | AI score 9.1 | EPSS 0.09458
Exploits 2 | References 41 | Affected software 1

CVE-2025-61882
added 2025/10/05 3:17 a.m., 686 views

Oracle E-Business Suite (EBS) BI Publisher Integration in the Concurrent Processing component (versions 12.2.3 through 12.2.14) is affected by CVE-2025-61882, a pre-auth remote code execution (RCE) vulnerability exploitable over HTTP with no authentication. Public details describe server-side template/XS...

CVSS 9.8 | AI score 6.7 | EPSS 0.99722
In the wild | Exploits 14 | References 4 | Affected software 1

CVE-2024-45337
added 2024/12/11 6:55 p.m., 686 views

CVE-2024-45337 affects applications using Go's crypto/ssh where ServerConfig.PublicKeyCallback can be invoked multiple times with different keys. An attacker could cause a vulnerable application to make authorization decisions based on a key the attacker does not control, enabling an authorization bypass. Th...

CVSS 9.1 | AI score 9.2 | EPSS 0.03092
Exploits 2 | References 7

Total number of security vulnerabilities: 5000