CVE-2024-7592

CVE-2024-7592 affects CPython's http.cookies module. The cookie value parser can enter a quadratic-time path when backslashes are used for quoted characters, causing increased CPU usage. Connected advisories confirm CPython-level impact across multiple distributions and reference fixes in CPython...

CVE-2022-31128

Tuleap CVE-2022-31128 affects Tuleap Community Edition prior to 13.10.99.82 and Tuleap Enterprise Edition prior to 13.10-3. The issue arises from improper verification of fine-grained permissions when creating Git branches via the REST API (POST git/:id/branches); users could create branches rega...

CVE-2022-22706

CVE-2022-22706 affects Arm Mali GPU Kernel Driver with an in-scope memory access flaw: a non-privileged user can gain write access to read-only pages. Affected series include Midgard r26p0–r31p0, Bifrost r0p0–r35p0, and Valhall r19p0–r35p0. Connected analyses note upstream ARM fixes (e.g., patchi...

CVE-2006-2568

UBB.threads vulnerability CVE-2006-2568 is a remote file inclusion in addpost_newpoll.php, where the thispath parameter is consumed by PHP include() without proper sanitization. Affected versions are UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial). Exploitation can enable an attacker to view ar...

CVE-2023-32243

CVE-2023-32243 affects the WordPress plugin Essential Addons for Elementor Lite (versions 5.4.0–5.7.1). The root cause is improper authentication that enables unauthenticated privilege escalation by abusing the password reset flow, allowing an attacker to reset an administrator’s password and tak...

CVE-2023-29007

Git CVE-2023-29007 affects multiple Git versions prior to 2.30.9–2.40.1. A bug in config.c (git_config_copy_or_rename_section_in_file) allows injection of arbitrary configuration via a long .gitmodules submodule URL, enabling execution of user-controlled executables when removing a submodule sect...

CVE-2022-37734

CVE-2022-37734 is a documented Denial of Service in GraphQL Java. The vulnerability arises from an uncontrolled resource consumption flaw, exploitable by sending specially-crafted requests (Directive overloading). Affected graphs-java implementations listed in sources include the fix versions: 19...

CVE-2020-13692

CVE-2020-13692 affects the PostgreSQL JDBC Driver (PgJDBC) prior to v42.2.13, where an XML External Entity (XXE) weakness exists in the driver (libpgjava). Exploitation could lead to data exposure and potential impact on availability as summarized in the connected advisories. The Debian/AlmaLinux...

CVE-2019-13734

CVE-2019-13734 describes an out-of-bounds write in the SQLite component used by Google Chrome/Chromium, enabling potential heap corruption via a crafted HTML page. Connected advisories confirm this affects Chrome/Chromium’s SQLite usage and note mitigations include updating to Chrome 79.0.3945.79...

CVE-2019-11236

The CVE-2019-11236 entry affects Python’s urllib3 up to version 1.24.1, where an attacker controlling a request parameter can trigger CRLF injection. Multiple connected advisories corroborate this issue and cite potential header/credential exposure risks in cross-origin redirects or crafted reque...

CVE-2016-9079

CVE-2016-9079 is a use-after-free vulnerability in Mozilla Firefox/Thunderbird SVG Animation. Affected: Firefox < 50.0.2, Firefox ESR < 45.5.1, Thunderbird

CVE-2025-20631

CVE-2025-20631 affects the MediaTek WLAN AP driver (notably on MediaTek chipsets such as MT7615/MT7622/MT7663/MT7915/MT7916/MT7981/MT7986). The root cause is an incorrect bounds check that enables an out-of-bounds write, leading to local privilege escalation with no extra privileges and no user i...

CVE-2023-32315

Openfire (Ignite Realtime) is affected by a path traversal vulnerability in the web-based Admin Console exposed via the unauthenticated Setup Environment, permitting access to admin pages in an already configured Openfire instance. Affected versions are Openfire releases since April 2015 starting...

CVE-2022-36537

CVE-2022-36537 – ZK Framework Information Disclosure . Affected versions of ZK Framework: 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, 8.6.4.1. An unauthenticated attacker can obtain sensitive data via a crafted POST to the AuUploader component, potentially exposing web-context files and configuration data....

CVE-2022-31017

Zulip Server contains a logic error in versions 2.1.0 through 5.2 where a private stream with protected history, upon edits, erroneously causes an API event that includes the edited message to all current subscribers. The issue stems from the server sending the edited message via an API event to ...

CVE-2018-6353

Technical details about CVE-2018-6353 are not provided in the supplied documents. No affected versions, root cause, impact, or remediation are specified here. Monitor for official advisories or vendor/security feeds for updates.

CVE-2025-62718

Axios prior to 1.15.0 has a hostname normalization flaw when evaluating NO_PROXY rules. Requests to loopback addresses (e.g., localhost with a trailing dot or IPv6 [::1]) can bypass NO_PROXY and be routed through the configured proxy. This bypass enables potential proxy circumvention and SSRF aga...

CVE-2023-4206

CVE-2023-4206 is a use-after-free vulnerability in the Linux kernel net/sched: cls_route (route handling) caused by route4_change() copying the entire tcf_result into a new filter. On update, tcf_unbind_filter() is invoked on the old instance, decreasing the parent class’ filter_cnt and potential...

CVE-2022-44877

CVE-2022-44877 affects CentOS Web Panel / Control Web Panel (CWP) 7 prior to 0.9.8.1147. The vendor’s login/index.php component is vulnerable to OS command injection via shell metacharacters in the login parameter, enabling remote code execution. Public templates and security feeds describe it as...

CVE-2022-42916

CVE-2022-42916 affects curl’s HSTS check: when hostnames contain IDN characters that map to ASCII (e.g., IDEOGRAPHIC FULL STOP U+3002), curl can bypass HSTS and end up using HTTP instead of HTTPS. This could lead to cleartext transmission if an HTTP URL is provided. The issue is tied to curl vers...

CVE-2022-22950

CVE-2022-22950 affects Spring Framework 5.3.0–5.3.16 and older unsupported versions, where a specially crafted SpEL expression may cause a Denial of Service. The connected advisories corroborate the DoS vector via Spring Expression language handling, and indicate a fix is available in newer branc...

CVE-2019-17666

CVE-2019-17666 affects the Linux kernel Realtek rtlwifi driver (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c). The root cause is a missing upper-bound check that leads to a buffer overflow. Impact stated in sources includes memory corruption and potential remote code execution, wit...

CVE-2019-2529

CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Low-privilege, network-access attacker can cause a hang or complete DOS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...

CVE-2026-24858

CVE-2026-24858 is a high-severity authentication bypass affecting Fortinet FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb (various 7.x versions) via FortiCloud SSO. The issue allows an attacker with a FortiCloud account and a registered device to log into other devices registered ...

CVE-2021-46948

CVE-2021-46948 relates to the Linux kernel: the sfc: farch patch fixes TX queue lookup in TX event handling. The issue occurred because TXQ label was used as the basis for queue lookup, which could cause efx_channel_get_tx_queue() to return NULL and trigger panics. The vulnerability has been reso...

CVE-2023-29492

Summary (CVE-2023-29492) NoviSurvey before version 8.9.43676 is affected by an insecure deserialization vulnerability. The flaw allows remote attackers to execute arbitrary code on the server in the context of the service account, without accessing stored survey or response data. Concrete details...

CVE-2022-25856

The CVE-2022-25856 entry affects the Argo Events project: the GitArtifactReader.Read() implementation in the sensors/artifacts code path (git.go) allows directory traversal, enabling an attacker to read arbitrary files when a path contains a symbolic link or an implicit directory (e.g., using ../...

CVE-2016-8101

The CVE-2016-8101 issue affects Intel SSD Toolbox updater subsystem and is present in versions prior to 3.3.7. A local attacker can gain privileges via unspecified vectors; the exact exploit path is not detailed in the provided documents. The trusted remediation is to upgrade to version 3.3.7 or ...

CVE-2024-21490

CVE-2024-21490 affects AngularJS ng-srcset handling. The vulnerability is a regular expression backtracking (ReDoS) in the ng-srcset split logic, exploitable via crafted input to trigger super-linear runtime and denial of service. Documents indicate affected versions are AngularJS 1.3.0 and later...

CVE-2023-32003

CVE-2023-32003 is described in the connected F5 advisory as a path-traversal flaw in Node.js 20's experimental permission model, where fs.mkdtemp() and fs.mkdtempSync() lack a necessary permission-check, allowing a malicious actor to create an arbitrary directory. The impact is limited to users e...

CVE-2022-30952

CVE-2022-30952 affects Jenkins Pipeline SCM API for Blue Ocean Plugin (

CVE-2018-10858

The connected documents confirm CVE-2018-10858 is a heap-buffer overflow in Samba client handling of extra-long filenames in directory listings, enabling arbitrary code execution on a Samba client. Affected versions include Samba before 4.6.16, 4.7.9, and 4.8.4. Mitigation/patches: updates to fix...

CVE-2018-5430

CVE-2018-5430 affects TIBCO JasperReports Server family (including Community Edition, ActiveMatrix BPM, AWS variants) with Spring web flows information disclosure. Exploitable by any authenticated user to read-only access to the web application’s contents, including key configuration files. Affec...

CVE-2012-2705

The CVE-2012-2705 entry concerns the Drupal Smart Breadcrumb module (6.x-1.x) prior to 6.x-1.3. The root cause is that filter_titles() fails to properly filter user-supplied titles to plain-text, enabling cross-site scripting (XSS) by remote authenticated users who have create or edit node permis...

CVE-2021-46925

CVE-2021-46925 affects the Linux kernel in the net/smc path. The issue is a race between smc_cdc_tx_handler() and smc_release() that can lead to a kernel panic or use-after-free when smc_cdc_tx_handler() accesses an smc_sock that has already been freed. The provided description documents a crash ...

CVE-2023-35311

Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.

CVE-2021-43565

The CVE-2021-43565 vulnerability affects golang.org/x/crypto’s x/crypto/ssh: the package before 0.0.0-20211202192323-5770296d904e can cause an SSH server to panic. The issue is tied to the x/crypto/ssh component and is triggered by the cited pre-release version of the package. A patched version e...

CVE-2008-4250

The CVE-2008-4250 issue is a remote code execution vulnerability in the Windows Server Service. The root cause is a buffer/overflow in the path canonicalization logic (triggered via crafted RPC requests to NetAPI32/Server Service), affecting Windows versions listed in the entry (e.g., Windows 200...

CVE-2025-25065

CVE-2025-25065 : A SSRF flaw in the RSS feed parser of Zimbra Collaboration affects 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4. The issue allows unauthorized redirection to internal network endpoints via the RSS parser. Root cause and impact are described in the provid...

CVE-2022-42252

CVE-2022-42252 affects multiple Tomcat series (8.5.0–8.5.82, 9.0.0-M1–9.0.67, 10.0.0-M1–10.0.26, 10.1.0-M1–10.1.0). The issue: if rejectIllegalHeader is false (default on 8.5.x), Tomcat may fail to reject a request with an invalid Content-Length header, enabling a request-smuggling scenario when ...

CVE-2022-25636

CVE-2022-25636 affects the Linux kernel (5.4–5.6.10) via an out-of-bounds heap write in net/netfilter/nf_dup_netdev.c related to nf_tables_offload. This enables local privilege escalation. The connected documents confirm the affected range and the heap OOB write, but do not provide a detailed fix...

CVE-2020-14040

CVE-2020-14040 affects golang.org/x/text/encoding/unicode and golang.org/x/text/transform in the x/text package for Go, with a vulnerability in encoding/unicode that can cause the UTF-16 decoder to enter an infinite loop, potentially crashing or exhausting memory when a single byte is supplied to...

CVE-2021-46910

CVE-2021-46910 relates to the Linux kernel’s kmap_local(): when CONFIG_DEBUG_KMAP_LOCAL=y, per-CPU fixmap slots are doubled, causing the fixmap region to grow downwards and potentially collide with the virtual DT mapping. The documented impact is a local exploit path leading to kernel instability...

CVE-2022-21607

CVE-2022-21607 is a vulnerability in Oracle MySQL Server, specifically in the Server: Optimizer component. Affected are MySQL Server versions up to and including 8.0.28 (and prior). The flaw is exploitable by a high-privilege attacker who can reach the server over the network via multiple protoco...

CVE-2010-3904

CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...

CVE-2021-46912

The CVE-2021-46912 entry describes a Linux kernel vulnerability where tcp_allowed_congestion_control is global and writable, allowing cross-namespace leakage. A fix was applied to make tcp_allowed_congestion_control readonly in non-init netns, addressing the per-net IPv4 congestion control sysctl...

CVE-2023-24532

CVE-2023-24532 involves the ScalarMult and ScalarBaseMult methods on the Go golang P256 curve. The vulnerability can yield an incorrect result when invoked with certain unreduced scalars larger than the curve order. The issue does not affect usages of crypto/ecdsa or crypto/ecdh. Public advisorie...

CVE-2022-27507

CVE-2022-27507 affects Citrix ADC and Citrix Gateway. Affected conditions require DTLS enabled and either HDX Insight for EDT traffic or SmartControl configured, leading to an authenticated denial-of-service. Vulnerable versions include Citrix ADC/Gateway 12.1 prior to 12.1-64.17, 13.0 prior to 1...

CVE-2022-28162

CVE-2022-28162 affects Brocade SANnav before version 2.2.0. The root cause is logging the REST API authentication token in plain text, potentially exposing credentials. Affected products are Brocade SANnav deployments prior to 2.2.0. Remediation is to upgrade to SANnav 2.2.0 or later (per the Bro...

CVE-2021-31535

CVE-2021-31535 affects libX11 (and related X.Org X components) where LookupCol.c handling of XLookupColor lacks proper length checks. An attacker can send color-name requests longer than protocol/packet limits, causing the server to parse extra X protocol requests and potentially execute arbitrar...