365298 matches found
CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-3446 Base64 decoding stops at first padded quad by default
When calling base64.b64decode or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use...
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...
CVE-2026-32746
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
CVE-2026-30931 ImageMagick has a heap-based buffer overflow in UHDR encoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16...
CVE-2025-11669 Broken Access Control
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...
CVE-2025-14087 Glib: glib: buffer underflow in gvariant parser leads to heap corruption
A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
CVE-2025-5278 Coreutils: heap buffer under-read in gnu coreutils sort via key specification
A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...
CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...
CVE-2025-32973 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...
CVE-2025-39399 WordPress License For Envato plugin <= 1.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows PHP Local File Inclusion.This issue affects License For Envato: from n/a through = 1.0.0...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak
A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The...
CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...
CVE-2024-56036 WordPress odPhotogallery plugin <= 0.5.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ondrej Donek odPhotogallery od-photogallery-plugin allows Reflected XSS.This issue affects odPhotogallery: from n/a through = 0.5.3...
CVE-2024-44223
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window...
CVE-2024-10456 Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication...
CVE-2024-45230
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...
CVE-2024-21489
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype...
CVE-2024-46982 Cache Poisoning in next.js
Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce Next....
CVE-2024-42905
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file...
CVE-2024-21147
...
CVE-2024-36252
Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed...
CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...
CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...
CVE-2024-34241
A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...
CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user’s system when interacted...
CVE-2024-32238
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface...
CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex
stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...
CVE-2024-27918 Coder's OIDC authentication allows email with partially matching domain to register
Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODEROIDCEMAILDOMAIN verification and create an account with an email not in the...
CVE-2024-0324 User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppbtwofactorauthenticationsettingsupdate' function in all versions up to, and including...
CVE-2024-0232 Sqlite: use-after-free bug in jsonparseaddnodearray
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service...
CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
...
CVE-2024-21622 Craft CMS Privilege Escalation
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...
CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
CVE-2023-46220
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...
CVE-2022-26943 Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited...
CVE-2023-44390 HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...
CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...
CVE-2023-40577 Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
CVE-2023-29330 Microsoft Teams Remote Code Execution Vulnerability
...
CVE-2023-36814 zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module
Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...
CVE-2022-42336
Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads...
CVE-2023-30013
TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter...
CVE-2022-40723 Configuration-based MFA Bypass in PingID RADIUS PCV.
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...
CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability
...
CVE-2023-21718 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
...
CVE-2022-44702 Windows Terminal Remote Code Execution Vulnerability
...