CVE-2024-38202
CVE-2024-38202 describes an elevation of privilege in Windows Update that could allow a user with basic privileges to reintroduce mitigated vulnerabilities or bypass some VBS protections. The vulnerability requires an attacker to coax an Administrator or delegated user into performing a system re...
CVE-2023-33010
CVE-2023-33010 is a high-severity (CVSS 3.1: 9.8) buffer overflow in the ID processing function of Zyxel firewalls (ATP, USG FLEX, USG, ZyWALL/VPN) that can be exploited without authentication to cause DoS and remote code execution. Affected firmware ranges include Zyxel ATP 4.32–5.36 Patch 1, US...
CVE-2022-29555
CVE-2022-29555 affects the Deviceconnect microservice (Northern.tech Mender Enterprise) up to version 1.3.0, prior to 3.2.2, enabling Cross-Origin Websocket Hijacking. Attack vector is network; CVSSv3 base score 8.8 (HIGH) with UI required. Remediation: upgrade to Mender Enterprise 3.2.2 or later...
CVE-2022-0995
CVE-2022-0995 is an out-of-bounds memory write in the Linux kernel’s watch_queue event notification subsystem that can overwrite kernel state and may allow a local user to gain privileged access or cause a denial of service. Connected sources indicate affected kernel lines include 5.x series with...
CVE-2021-2194
CVE-2021-2194 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. The issue allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. No exploitation details are provided in the ...
CVE-2018-4300
The CVE-2018-4300 entry concerns the CUPS web interface session cookie being easily guessable on Linux, enabling unauthorized scripted access when the web interface is enabled. Affected versions are prior to 2.2.10, and the issue is mitigated by upgrading to v2.2.10 or newer. Multiple connected s...
CVE-2014-3214
CVE-2014-3214 affects ISC BIND prefetch in the server when a recursive nameserver is enabled (ISC BIND 9.10.0). A crafted DNS response can trigger an assertion failure and daemon exit, causing a denial of service. The NVD reports base metrics: CVSS v2 base score 5.0 (Medium) with network access a...
CVE-2026-25253
OpenClaw/OpenClaw (clawdbot/Moltbot) vulnerability CVE-2026-25253 arises from the Control UI reading gatewayUrl from the URL query and auto-opening a WebSocket to the attacker’s endpoint with the stored token, enabling token exfiltration and potential full gateway compromise. Root cause: applySet...
CVE-2023-30583
CVE-2023-30583: In Node.js 20, the fs.openAsBlob() API can bypass the experimental permission model when the file system read restriction is enabled with --allow-fs-read, due to a missing check in fs.openAsBlob(). The description notes this as part of the experimental feature set. Remediation/fi...
CVE-2024-24919
CVE-2024-24919 is a zero-day-like vulnerability in Check Point Security Gateways (Remote Access VPN/Mobile Access blades) allowing unauthenticated remote attackers to read arbitrary files via path traversal (e.g., aCSHELL/../../../../../../../etc/shadow). Public PoCs and in-the-wild mentions exist...
CVE-2024-28180
The CVE-2024-28180 entry describes a memory/CPU exhaustion flaw in jose’s JWE decompress logic, where Decrypt/DecryptMulti may blow up on large decompressed data. The advisory notes patches in jose upstream (versions 4.0.1, 3.0.3, 2.6.3). Connected Mariner records show this CVE being tracked acro...
CVE-2021-46937
The connected Nessus entry confirms CVE-2021-46937 affects the Linux kernel DAMON debugfs interface: repeated writes to the target_ids file increase pid reference counts without corresponding decreases, causing a memory leak of struct pid. The issue is fixed by a kernel patch that decrements PID ...
CVE-2023-45857
CVE-2023-45857 - Axios XSRF token exposure: The issue in Axios 1.5.1 causes the confidential XSRF-TOKEN stored in cookies to be included in the HTTP header X-XSRF-TOKEN for every request, potentially allowing an attacker to view sensitive information. The public metrics indicate a CVSS v3.1 base...
CVE-2022-22743
CVE-2022-22743 affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird
CVE-2022-32999
CVE-2022-32999 affects the Python package cloudlabeling on PyPI, version 0.0.1. The vulnerability is a code execution backdoor introduced via the dependency on the request package, enabling an attacker to access sensitive user information and digital currency keys and to escalate privileges. Docu...
CVE-2021-3918
CVE-2021-3918 affects json-schema (kriszyp/json-schema) and is a Prototype Pollution vulnerability in the JSON Schema validator. Connected documents identify node-json-schema as affected with concrete remediation in Debian 10: package node-json-schema version 0.2.3-1+deb10u1 fixes the issue. Othe...
CVE-2021-27365
CVE-2021-27365 affects the Linux kernel iSCSI subsystem. The issue is a heap overflow in iSCSI data handling where certain iSCSI data structures lack proper length checks and can exceed PAGE_SIZE; an unprivileged, local user can send a Netlink message (up to the maximum Netlink message length) an...
CVE-2008-4300
CVE-2008-4300 affects a specific ActiveX control in adsiis.dll used by Microsoft Internet Information Services (IIS). The vulnerability allows remote attackers to cause a denial of service (browser crash) by sending a long string as the second argument to the GetObject method. The description not...
CVE-2025-52367
PivotX CMS 3.0.0 RC3 is affected by a Cross Site Scripting vulnerability in the title and subtitle fields that can lead to Remote Code Execution. The root cause, per exploit reports, is unsanitized data stored during page creation via PHP serialize in modules/pages_flat.php, with the vulnerabilit...
CVE-2021-46928
CVE-2021-46928 affects the Linux kernel on parisc: a trap7 (Instruction access rights) could leave the cr19 IIR register with a stale value. The patch fixes this by overwriting the stale IIR with the constant 0xbaadf00d when the trap occurs, preventing confusing dump values. The issue arises beca...
CVE-2022-1097
The CVE-2022-1097 entry concerns NSSToken objects that could be accessed unsafely across threads, causing a use-after-free and potentially exploitable crash. Affected products explicitly named in connected documents include Thunderbird (versions earlier than 91.8), Firefox (versions earlier than ...
CVE-2022-3509
CVE-2022-3509 concerns a parsing issue in protobuf-java (core and lite) textformat that, on inputs with multiple non-repeated embedded messages and repeated/unknown fields, can cause objects to flip between mutable/immutable forms and trigger long GC pauses, enabling a denial-of-service condition...
CVE-2022-3190
The CVE describes an infinite loop in the F5 Ethernet Trailer protocol dissector of Wireshark. Affected releases include Wireshark 3.6.0–3.6.7 and 3.4.0–3.4.15, where processing crafted captures or packet injections can cause a denial of service. Connected advisories corroborate the issue and ind...
CVE-2022-31000
The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...
CVE-2021-1544
CVE-2021-1544 describes an information-disclosure vulnerability in the Cisco Webex Meetings client’s logging mechanism. An authenticated, local attacker could access files containing logged actions and potentially view sensitive data, including meeting content and transcriptions. Public sources i...
CVE-2020-14179
CVE-2020-14179 affects Atlassian Jira Server/Data Center versions before 8.5.8 and 8.6.0 through 8.11.1. The vulnerability is an information disclosure in the /secure/QueryComponent!Default.jspa endpoint, allowing remote, unauthenticated attackers to view custom field names and custom SLA names. ...
CVE-2018-5745
CVE-2018-5745 affects BIND's managed-keys feature, causing an assertion failure (and possible server exit) when a trust anchor is rolled over to an unsupported key algorithm. Affected: BIND 9 series (various 9.9.x–9.13.x branches and preview releases). Impact: potential denial of service by crash...
CVE-2025-7775
CVE-2025-7775 is a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The CVE affects deployments where the appliance is configured as a Gateway (VPN VServer, ICA Proxy, CVPN, RDP Proxy) or AAA VServer, and also affects LB virtual servers of type HTTP, SSL, or HTTP_QUIC ...
CVE-2024-57723
CVE-2024-57723 affects lunasvg and is reflected in Fedora advisories for lunasvg/imhex (Fedora 42–44 updates). The segmentation fault in composition_source_over is addressed by updating lunasvg to a newer version and by unbundling/consuming the bundled plutovg in the ecosystem, followed by rebuil...
CVE-2024-9466
Palo Alto Networks Expedition (vulnerable up to 1.2.95; fixed in 1.2.96+) suffers a cleartext storage vulnerability that allows an authenticated attacker to reveal firewall usernames, passwords, and API keys. Affected component: storage of sensitive information in Expedition; root cause: storing ...
CVE-2021-46947
CVE-2021-46947 is a Linux kernel issue in the sfc (Solarflare) driver where efx->xdp_tx_queue_count can reflect too many uninitialized slots after probing, risking a NULL pointer dereference (e.g., when running ethtool -S). The root cause is that xdp_tx_queue_count starts at num_possible_cpus(...
CVE-2023-5090
CVE-2023-5090: A flaw in Linux kernel KVM (svm_set_x2apic_msr_interception) enables direct access to host x2apic MSRs when a guest resets its APIC, potentially causing denial of service. Connected advisories (Astra Linux, IBM Guardium bulletin, Amazon ALAS) reference this CVE as part of Linux ker...
CVE-2023-36758
CVE-2023-36758 is a Microsoft Visual Studio related elevation-of-privilege vulnerability. Public sources in the connected documents consistently describe it as a privilege-escalation issue affecting Visual Studio components (and related tooling) with an impact profile of gaining higher privileges...
CVE-2023-27992
CVE-2023-27992 affects Zyxel NAS326 (firmware before V5.21(AAZF.14)C0), NAS540 (before V5.21(AATB.11)C0), and NAS542 (before V5.21(ABAG.11)C0). It is a pre-authentication command-injection vulnerability allowing an unauthenticated attacker to remotely execute OS commands via crafted HTTP requests...
CVE-2022-35520
CVE-2022-35520 affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 where the api.cgi component does not filter the hidden ufconf parameter, which exists in the CGI binary but not in POST data, enabling command injection on the /ledonoff.shtml page. Public references in the connected ...
CVE-2021-3752
CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...
CVE-2021-29450
CVE-2021-29450 affects WordPress: an authenticated user with at least contributor privileges could exploit a block in the WordPress editor to expose password-protected posts and pages. The issue has been patched in WordPress 5.7.1, with older affected versions addressed via minor releases. Remedi...
CVE-2021-21290
CVE-2021-21290 relates to Netty before 4.1.59.Final, where an insecure temp file in Unix-like systems could lead to local information disclosure when uploads are stored on disk via multipart decoders. The Unix temp dir is shared among users, and files created with File.createTempFile may have ins...
CVE-2020-9802
CVE-2020-9802 is a memory-related/logic issue in WebKit-based components where processing maliciously crafted web content may lead to arbitrary code execution. The initial Apple advisory links the vulnerability to multiple products and states that the issue is fixed in Apple iOS 13.5 and iPadOS 1...
CVE-2019-15605
CVE-2019-15605 describes HTTP request smuggling due to malformed Transfer-Encoding in Node.js contexts. Connected advisories show affected components as http-parser across various Linux distributions and Node.js builds, with remediation via updating http-parser (and related Node.js packages) to p...
CVE-2018-10903
The CVE-2018-10903 issue affects python-cryptography versions >=1.9.0 and
CVE-2023-21954
CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...
CVE-2022-41881
Netty CVE-2022-41881 concerns a StackOverflowError when parsing malformed crafted messages due to infinite recursion in the HAProxyMessageDecoder. The issue affects Netty versions before 4.1.86.Final and can lead to denial of service through resource exhaustion. The vulnerability is fixed in 4.1....
CVE-2022-34776
The CVE-2022-34776 entry concerns the Tabit giftcard system, where several web APIs expose sensitive user data without authorization. Affected component is the web API layer that returns health statements, prior bills for a restaurant, and drinking/smoking habits, with each API URL including Mong...
CVE-2022-30616
Summary: CVE-2022-30616 affects IBM Robotic Process Automation and IBM RPA for Cloud Pak/Service, with versions prior to 21.0.3 vulnerable. A privileged user could elevate privileges to platform administrator by manipulating APIs. Impact: high (privilege escalation) with CVSS base scores in the h...
CVE-2022-31102
Argo CD (GitOps for Kubernetes) is affected by a cross-site scripting (XSS) vulnerability in versions 2.3.0–2.3.6 and 2.4.0–2.4.4 that allows arbitrary JavaScript in the /auth/callback page when SSO is enabled. Exploitation requires access to the API server’s encryption key, a method to inject a ...
CVE-2020-7676
CVE-2020-7676 is an AngularJS XSS vulnerability. AngularJS prior to 1.8.0 allows cross-site scripting due to regex-based HTML sanitization that may revert to unsanitized code; wrapping option elements in select can alter parsing and lead to unsanitized content being rendered. Connected documents ...
CVE-2020-9488
CVE-2020-9488 affects the Apache Log4j2 SMTP appender. The issue is improper validation of the SSL/TLS certificate when the host name does not match, potentially allowing a man-in-the-middle to intercept SMTPS traffic and leak log messages. The concrete remediation is to upgrade to affected relea...
CVE-2014-2667
CVE-2014-2667: Race condition in Python’s Lib/os.py _get_masked_mode when exist_ok is true across Python 3.2–3.5. The issue allows local users to bypass intended file permissions by exploiting a separate application vulnerability before the process umask is set. Connected OpenVAS entries corrobor...
CVE-2026-33870
Netty HTTP request smuggling vulnerability (CVE-2026-33870) arises from how Netty versions prior to 4.1.132.Final and 4.2.10.Final parse quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. The IBM and OSS/Ecosystem advisories in the connected...