CVE-2021-31535
CVE-2021-31535 affects libX11 (and related X.Org X components) where LookupCol.c handling of XLookupColor lacks proper length checks. An attacker can send color-name requests longer than protocol/packet limits, causing the server to parse extra X protocol requests and potentially execute arbitrar...
CVE-2019-11135
CVE-2019-11135 is a TSX (Transactional Synchronization Extensions)-related vulnerability in Intel CPUs causing potential information disclosure via a side channel when TSX acknowledges an abort. The connected documents describe a subsequent issue (CVE-2019-19338) in the fix path for CVE-2019-11135 ...
CVE-2019-13565
CVE-2019-13565 affects OpenLDAP 2.x before 2.4.48. The issue arises when using SASL authentication with session encryption and relying on SASL security layers in slapd ACLs, allowing access that would normally be denied via a simple bind for identities covered by the ACLs. After the first SASL bi...
CVE-2019-13636
CVE-2019-13636 affects GNU patch; the vulnerability arises from mishandling of following symlinks in inp.c and util.c in certain cases beyond input files. Public references describe potential for arbitrary file access/overwrite and, per Debian, shell command injection or escape from the working d...
CVE-2025-62718
Axios prior to 1.15.0 has a hostname normalization flaw when evaluating NO_PROXY rules. Requests to loopback addresses (e.g., localhost with a trailing dot or IPv6 [::1]) can bypass NO_PROXY and be routed through the configured proxy. This bypass enables potential proxy circumvention and SSRF aga...
CVE-2024-6232
CVE-2024-6232 affects CPython: tarfile.TarFile header parsing RegEx backtracking causes a ReDoS, with a base score of 7.5 (HIGH). Attack vector is NETWORK and requires no privileges or user interaction. Impact is listed as Availability impact being HIGH; Confidentiality/Integrity are NONE. The is...
CVE-2022-25636
CVE-2022-25636 affects the Linux kernel (5.4–5.6.10) via an out-of-bounds heap write in net/netfilter/nf_dup_netdev.c related to nf_tables_offload. This enables local privilege escalation. The connected documents confirm the affected range and the heap OOB write, but do not provide a detailed fix...
CVE-2020-10713
CVE-2020-10713 affects GRUB2 prior to 2.06. The flaw allows an attacker to hijack or tamper with the GRUB verification process and bypass Secure Boot, enabling arbitrary code execution during boot when a crafted grub.cfg is processed. Exploitation requires local access or access to modify boot/network se...
CVE-2020-12888
CVE-2020-12888 affects the Linux kernel VFIO PCI driver (through 5.6.13) and arises from improper handling of accesses to disabled MMIO space. A local attacker or a guest VM with VFIO access could trigger a denial of service or crash by exploiting writes/reads to disabled memory regions. Connecte...
CVE-2020-7062
CVE-2020-7062 affects PHP core upload progress handling: when upload progress tracking is enabled but session.upload_progress.cleanup is 0 and a file upload fails, the cleanup code dereferences a non-existent data structure, potentially crashing the process. Affected PHP versions are 7.2.x < 7...
CVE-2019-11768
phpMyAdmin prior to 4.9.0.1 is affected by an SQL injection via the Designer feature triggered by a specially crafted database name. The issue is fixed in 4.9.0.1 (and later per advisories). Impact per sources includes potential high-severity consequences; upgrade to 4.9.0.1 or newer to remediate.
CVE-2010-1256
CVE-2010-1256 is an IIS memory-corruption vulnerability (IIS 6.0/7.0/7.5) tied to Extended Protection for Authentication. A remote attacker could execute arbitrary code by abusing how authentication information is parsed, when Extended Protection is enabled (KB973917). Microsoft MS10-040 fixes th...
CVE-2008-4250
CVE-2008-4250 is a remote code execution vulnerability in the Windows Server Service. The root cause is a buffer overflow in the path canonicalization logic (triggered via crafted RPC requests to NetAPI32/Server Service), affecting Windows versions listed in the entry (e.g., Windows 200...
CVE-2024-57432
The CVE-2024-57432 entry concerns macrozheng mall-tiny 1.0.1 with insecure permissions due to hardcoded JWT signing keys. The JWT contains user information and is used for privilege management, enabling forging of arbitrary users’ tokens and authentication bypass. Concrete details across connecte...
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FilenameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2021-25764
PhpStorm (JetBrains) before 2020.3 is affected: the issue lets source code be written into debug logs (“Source code could be added to debug logs”). The vulnerability affects PhpStorm’s logging path and can lead to information disclosure via logs. The issue is tracked as CVE-2021-25764. Remediatio...
CVE-2013-4786
CVE-2013-4786 is an IPMI 2.0 vulnerability where RAKP authentication can leak HMAC data, enabling an attacker with IPMI network access to obtain password hashes and potentially hijack or replay BMC sessions. CERT notes that an unauthenticated attacker on the BMC network can predict session identi...
CVE-2024-3833
CVE-2024-3833 is a Chrome/Chromium WebAssembly object-corruption vulnerability (via a crafted HTML page) tracked as high-severity, with reported fixes in Chromium 124.0.6367.60 and later (ChromeOS notes cite 124.0.6367.95; Debian security advisories list 124.0.6367.60 as the fixed version). Affec...
CVE-2023-22068
CVE-2023-22068 affects Oracle MySQL Server (InnoDB). Affected: MySQL 8.0.34 and earlier, and 8.1.0. An attacker with network access via multiple protocols and high privileges can cause the server to hang or crash (DoS). No explicit exploitation details are provided beyond this claim. Remediation:...
CVE-2018-18809
TIBCO JasperReports Library and related JasperReports Server components are affected by a directory traversal vulnerability (CVE-2018-18809) in their default server implementations. The issue could allow web server users to access contents of the host system via specially crafted URL requests con...
CVE-2025-26409
Wattsense Bridge devices are affected. A serial interface accessible with physical access to the PCB can grant bootloader access and a Linux login prompt, enabling a root shell via the bootloader. This stems from exposed serial/bootloader interfaces on the device when physically tampered. The iss...
CVE-2023-52440
CVE-2023-52440 affects the ksmbd component of the Linux kernel. Root cause: a slub overflow in ksmbd_decode_ntlmssp_auth_blob() when authblob->SessionKey.Length exceeds CIFS_KEY_SIZE, enabling overflow during key exchange (cifs_arc4_crypt copies from SessionKey). The fix introduces bounds prot...
CVE-2023-22103
CVE-2023-22103 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.34 and earlier, and 8.1.0. Attack via network with high privileges can cause a hang or frequent crash (DoS) of MySQL Server. CVSS v3.1 base score 4.9 (Availability). Remediation: upgrade to a fixed package/version...
CVE-2023-4428
CVE-2023-4428 affects Chromium-based browsers (Chrome/Chromium) and relates to an out-of-bounds memory access in CSS that could allow a remote attacker to read memory via a crafted HTML page. The issue is classified with high severity and a network attack vector, with user interaction required. T...
CVE-2023-29357
CVE-2023-29357 is a Microsoft SharePoint Server Elevation of Privilege vulnerability. The root cause is an incorrect authentication implementation that allows an unauthenticated attacker to spoof JWT authentication tokens, enabling them to execute with administrator privileges on affected SharePo...
CVE-2022-21641
Summary (from provided sources): CVE-2022-21641 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are 8.0.29 and earlier. The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols and can lead to a hang or a...
CVE-2025-46565
CVE-2025-46565 (Vite) affects Vite < 6.3.4, < 6.2.7, < 6.1.6, < 5.4.19, and
CVE-2025-25740
CVE-2025-25740 affects D-Link DIR-853 A1 with FW1.20B07. It is a stack-based buffer overflow in SetQuickVPNSettings triggered by the PSK parameter. CNVD describes it as causing denial of service; no exploit details are provided in the supplied documents.
CVE-2025-22994
CVE-2025-22994 affects O2OA version 9.1.3, with a Cross Site Scripting (XSS) flaw in the Meetings – Settings area. The available sources confirm the issue but do not provide details on the root cause specifics or a verified patch/version that fixes it. The connected documents do not expose a conc...
CVE-2020-15801
CVE-2020-15801 (Siemens SIMATIC S7-1500): The Tenable plugin for Tenable OT documents a vulnerability affecting the SIMATIC S7-1500 family (CPU 1518-4 PN/DP MFP, SIPLUS variants) with all versions prior to V3.1.0. The issue stems from Python 3.8.4 behavior: sys.path restrictions in python38._pth...
CVE-2022-41724
CVE-2022-41724 describes a vulnerability where large TLS handshake records may cause panics in crypto/tls implementations. Affected are Go TLS clients (including TLS1.3 and TLS1.2 with session resumption) and TLS1.3 servers that request client certificates. Technical cause is panics when construc...
CVE-2022-31081
CVE-2022-31081 affects the Perl HTTP::Daemon library. Versions prior to 6.15 are vulnerable due to improper handling of the Content-Length header, which could enable HTTP request smuggling and potentially allow privileged access to APIs or poisoning of intermediate caches. The issue is documented...
CVE-2020-14323
Affects Samba Winbind in Samba; root cause is a null pointer/invalid lookupsids path leading to a crash and DoS. Affected versions are prior to 4.11.15, prior to 4.12.9, and prior to 4.13.1. Remediation is to upgrade to a fixed Samba release (e.g., 4.13.x line such as 4.13.3 per AlmaLinux advisor...
CVE-2020-13934
CVE-2020-13934 affects multiple Apache Tomcat releases (8.5.1–8.5.56, 9.0.x, 10.0.x up to M6) where an h2c direct connection didn’t release the HTTP/1.1 processor after upgrading to HTTP/2, potentially causing OutOfMemoryError and denial of service. Public advisories across vendors and distributi...
CVE-2019-15505
CVE-2019-15505 affects the technisat-usb2 media driver in Linux kernels up to 5.2.9. The issue arises from improper validation of incoming IR packets, leading to a heap buffer over-read. An attacker capable of adding USB devices (potentially via remote USB technologies like usbip/usbredir) could ...
CVE-2019-11478
CVE-2019-11478 describes a DoS in the Linux kernel TCP SACK handling where the TCP retransmission queue can fragment, leading to degraded performance or denial of service when processing crafted SACK sequences. The initial entry notes a fixed commit f070ef2ac66716357066b683fb0baf55f8191a2e and st...
CVE-2018-1002105
CVE-2018-1002105 affects Kubernetes: before versions v1.10.11, v1.11.5, and v1.12.3, the kube-apiserver mishandles error responses to proxied upgrade requests. This flaw lets specially crafted requests establish a connection through the API server to backends and then send arbitrary requests over...
CVE-2017-7659
The CVE-2017-7659 issue affects the Apache HTTP Server (mod_http2) where a malicious HTTP/2 request could dereference a NULL pointer and crash the server process. Concrete details across connected docs show this vulnerability in Apache httpd before a fixed release (2.4.26) and are addressed by va...
CVE-2005-3299
The CVE-2005-3299 entry describes a PHP file inclusion (local inclusion) vulnerability in phpMyAdmin 2.6.4 and 2.6.4-pl1, caused by improper validation of the $__redirect parameter in libraries/grab_globals.lib.php, potentially involving the subform array. This allows remote attackers to include ...
CVE-2022-29526
CVE-2022-29526 is a privilege-assignment flaw in Go’s Faccessat path (go1.17.10 and go1.18.2 fixes cited in initial description). The provided connected documents confirm this CVE affects multiple downstream packages (e.g., buildah, podman, cni, containernetworking-plugins, golang, sriov-network-...
CVE-2018-14647
CVE-2018-14647 affects Python’s elementtree C accelerator, which failed to initialize Expat’s hash salt. This can enable denial-of-service attacks by triggering pathological hash collisions in Expat’s internal structures, consuming CPU and RAM. Affected versions include Python 3.7.0, 3.6.0–3.6.6,...
CVE-2018-10549
PHP contains an out-of-bounds read in exif_read_data() (ext/exif/exif.c) when parsing crafted JPEG data due to MakerNote handling lacking a final '\0' character. Affected are PHP 5.6.x up to 5.6.36, 7.0.x up to 7.0.30, 7.1.x up to 7.1.17, and 7.2.x up to 7.2.5. Impact: potential reads beyond boun...
CVE-2018-1000156
GNU patch through 2.7.6 is vulnerable to arbitrary command execution when applying ed-style patches. The root cause is insufficient sanitization of the input patch stream, allowing a crafted patch file to cause patch to pass ed-script commands to the editor. This can enable code execution under t...
CVE-2011-4969
CVE-2011-4969: XSS in jQuery prior to 1.6.3 when using location.hash to select elements. A remote attacker could inject arbitrary script/HTML into a page. Affected: jQuery versions before 1.6.3. Remediation: upgrade to 1.6.3 or later (patches/fixes cited by IBM and vendor advisories). Public ref...
CVE-2025-49132
CVE-2025-49132: Pterodactyl Panel versions up to 1.11.10 are affected by an unauthenticated remote code execution via the /locales/locale.json endpoint, where locale and namespace query parameters are passed to PHP include() unsafely. The vulnerability can lead to local file inclusion an...
CVE-2023-36417
CVE-2023-36417 is a Remote Code Execution vulnerability affecting the Microsoft SQL Server OLE DB Driver. The Nessus entries and Microsoft advisories indicate an RCE in the SQL OLE DB component that can enable authentication bypass and arbitrary command execution. The issue has been addressed in ...
CVE-2022-29130
Technical details about CVE-2022-29130 are not provided in the connected documents. Publicly available information in the initial entry is limited to high‑level descriptors; no product/version/impact/fix specifics are included here. Monitor for official updates.
CVE-2021-34558
CVE-2021-34558 affects the Go crypto/tls implementation. In Go up to 1.16.5, the certificate public-key type is not properly validated for RSA-based key exchanges, allowing a TLS server to trigger a panic in the client. Several connected advisories link this to Go’s TLS handling and note remediat...
CVE-2020-15049
CVE-2020-15049 affects Squid up to 4.12 and 5.x up to 5.0.3. It enables a Request Smuggling and Poisoning attack against the HTTP cache by sending Content-Length values with a prefix like +, - or uncommon whitespace. Affected component: http/ContentLengthInterpreter.cc. Impact: potential cache po...
CVE-2019-18218
CVE-2019-18218 is a concrete issue affecting the file utility: cdf_read_property_info in cdf.c (up to version 5.37) does not cap the number of CDF_VECTOR elements, enabling a heap-based buffer overflow (4-byte out-of-bounds write). Public advisories (Arch Linux ASA-202001-2, ALAS-2019-1326/1370, ...