366824 matches found
CVE-2024-4068 Memory Exhaustion in braces
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...
CVE-2023-2359 Revolution Slider <= 6.6.12 - Author+ Remote Code Execution
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations...
CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
CVE-2021-30480
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat...
CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...
CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...
CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
CVE-2008-7253
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and...
CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability
...
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...
CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...
CVE-2026-43514 Apache Tomcat: AJP secret compared in non-constant time
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...
CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack
In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...
CVE-2025-43561 ColdFusion | Incorrect Authorization (CWE-863)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and...
CVE-2025-31125 Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. This vulnerability is fixed in 6.2.4, 6.1.3,...
CVE-2022-41573
An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution...
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...
CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...
CVE-2023-51767
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
CVE-2023-4194 Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -...
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...
CVE-2020-15906
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts...
CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...
CVE-2026-6805 Vulnerability on Cryptobox external sharing feature
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...
CVE-2026-22616
Eaton Intelligent Power Protector IPP software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre...
CVE-2025-12480
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete...
CVE-2025-54948
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...
CVE-2025-6463 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entrydeleteuploadfiles' function in all versions up to, and including, 1.44.2. This makes it possible for...
CVE-2025-2828 SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
CVE-2025-32814
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur...
CVE-2025-29803 Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
...
CVE-2024-49818 IBM Security Guardium Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2024-8503 VICIdial Unauthenticated SQL Injection
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database...
CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2014-7883
HP Universal CMDB UCMDB Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response...
CVE-2010-0425
modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...
CVE-2004-2763
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing XST attacks in applications that are vulnerable to cross-site scripting...
CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-6813 Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named 'copyusernocache' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...
CVE-2026-42519
A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...
CVE-2025-57738 Apache Syncope: Remote Code Execution by delegated administrators
Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...
CVE-2025-10242
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2025-58320 DIALink - Directory Traversal Authentication Bypass Vulnerability
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability...
CVE-2025-8085 Ditty < 3.1.58 - Unauthenticated SSRF
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-9377 Authenticated RCE via Parental Control command injection
The authenticated remote command execution RCE vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL end-of-life. It's...