365230 matches found
CVE-2021-20327 MongoDB Node.js client side field level encryption library may not be validating KMS certificate
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...
CVE-2020-35910
An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness...
CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...
CVE-2020-24361
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...
CVE-2020-11934 Sandbox escape vulnerability via snapctl user-open (xdg-open)
It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...
CVE-2020-12720
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control...
CVE-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...
CVE-2019-20525
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...
CVE-2019-19241
In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...
CVE-2019-17091
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled...
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
CVE-2019-2481
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...
CVE-2017-1002101
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type including non-privileged pods, subject to file permissions can access files/directories outside of the volume, including the host's filesyste...
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...
CVE-2015-2573
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL...
CVE-2015-0382
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381...
CVE-2014-6530
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP...
CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...
CVE-2013-5908
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling...
CVE-2013-0384
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema...
CVE-2013-0383
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking...
CVE-2012-5612
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service memory corruption and crash and possibly execute arbitrary code, as demonstrated using certain...
CVE-2012-1735
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...
CVE-2012-0540
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension...
CVE-2008-7056
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request...
CVE-2009-2620
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service daemon crash via a malformed opconnectrequest message that triggers an infinite loop or NULL pointer dereferen...
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...
CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Management. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2026-11611 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...
CVE-2026-44319 free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...
CVE-2026-49053 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade
The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...
CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver
Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
CVE-2026-7301 CVE-2026-7301
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...
CVE-2026-8786 Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...
CVE-2026-45402 Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the...
CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...
CVE-2026-0481
Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...
CVE-2024-21950
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability...
CVE-2026-8612 WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...
CVE-2026-27886 Strapi may leak sensitive data via relational filtering due to lack of query sanitization
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...
CVE-2026-21730 Stored XSS in Verba
Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...
CVE-2026-44292 protobufjs: Prototype injection in generated message constructors
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...
CVE-2026-42950
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...
CVE-2026-6253 proxy credentials leak over redirect-to proxy
curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...
CVE-2026-6929 JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...