367128 matches found
CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability
...
CVE-2026-60002
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...
CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
...
CVE-2026-27760 OpenCATS PHP Code Injection via installer AJAX endpoint
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...
CVE-2024-21484
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...
CVE-2021-22908
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default...
CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability
...
CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access
A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
CVE-2024-58274
Hikvision CSMP Comprehensive Security Management Platform iSecure Center through 2024-08-01 allows execution of a command within $ in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025...
CVE-2024-34444 WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0...
CVE-2025-6978 Diagnostics command injection vulnerability
Diagnostics command injection vulnerability...
CVE-2025-6023
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01,...
CVE-2024-6409 Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...
CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
CVE-2025-13442 UTT 进取 750W formPdbUpConfig system command injection
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...
CVE-2025-60344
A path traversal directory traversal vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution e.g., via sequences such as “../”. Successful exploitation may allow access to files outside of the...
CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers
User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...
CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow
A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
CVE-2025-43984
An issue was discovered on KuWFi GC111 devices Hardware Version: CPE-LM321V3.2, Software Version: GC111-GL-LM321V3.020191211. They are vulnerable to unauthenticated /goform/goformsetcmdprocess requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary...
CVE-2024-53945
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds...
CVE-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...
CVE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...
CVE-2021-26472 Unauthenticated remote command execution with SYSTEM privileges in Vembu products
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges...
CVE-2021-22894
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash
A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
CVE-2025-6507 Deserialization of Untrusted Data in h2oai/h2o-3
A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The vulnerability arises from the ability to...
CVE-2022-3265
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perfo...
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
...
CVE-2026-5965 NewSoft|NewSoftOA - OS Command Injection
NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...
CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-2043 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated...
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
CVE-2025-8677 Resource exhaustion via malformed DNSKEY handling
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1...
CVE-2025-34035 EnGenius EnShare IoT Gigabit Cloud Service Command Injection
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected...
CVE-2025-2082 Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...
CVE-2026-25089
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
CVE-2025-53119 Securden Unified PAM Unauthenticated Unrestricted File Upload
An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server...
CVE-2020-11023 Potential XSS vulnerability in jQuery
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
CVE-2026-0599 Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...
CVE-2025-1758
Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...
CVE-2024-38477 Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2026-10523
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...