366251 matches found
CVE-2025-20288 Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
CVE-2025-53094 ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp
ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF Carriage Return Line Feed injection vulnerability exists in the construction and output of HTTP headers within AsyncWebHeader.cpp. Unsanitize...
CVE-2025-2745 AVEVA PI Web API Cross-site Scripting
A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...
CVE-2025-5622 D-Link DIR-816 wirelessApcli_5g stack-based overflow
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli5g of the file /goform/wirelessApcli5g. The manipulation of the argument apclimode5g/apclienc5g/apclidefaultkey5g leads to stack-based buffer overflow. The attack...
CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...
CVE-2025-3488 WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode
The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmllanguageswitcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-32445 Users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...
CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
CVE-2025-2749 Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...
CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...
CVE-2025-20029 BIG-IP iControl REST and tmsh vulnerability
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell tmsh save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...
CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go...
CVE-2025-22133 WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE)
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar,...
CVE-2025-0223 IObit Protected Folder IOCTL IURegistryFilter.sys 0x8001E010 null pointer dereference
A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference...
CVE-2024-56198 path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0...
CVE-2024-53677 Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
CVE-2024-49128 Windows Remote Desktop Services Remote Code Execution Vulnerability
...
CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...
CVE-2024-52453 WordPress Library Bookshelves plugin <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in photonicgnostic Library Bookshelves library-bookshelves allows Reflected XSS.This issue affects Library Bookshelves: from n/a through = 5.8...
CVE-2024-51736 Command execution hijack on Windows with Process class in symfony/process
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...
CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
...
CVE-2024-6203 HaloITSM - Password Reset Poisoning
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users given their email address is known. When these poisoned links get accessed e.g. manually by the victim or automatically by an email client...
CVE-2024-6242 Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices
A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40626 Stored Cross-site Scripting (XSS) vulnerability in Outline editor
Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting XSS vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...
CVE-2024-38020 Microsoft Outlook Spoofing Vulnerability
...
CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...
CVE-2024-5971 Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...
CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...
CVE-2024-20399 Cisco NX-OS Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...
CVE-2024-39001
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-34820 WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1...
CVE-2024-36416 SuiteCRM v4 API Excessive log data DOS
SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-35694 WordPress WPMobile.App plugin <= 11.41 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through = 11.41...
CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
CVE-2024-34359 llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...
CVE-2023-42119 Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp...
CVE-2024-32984 Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...
CVE-2024-33851
phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library...
CVE-2024-20758 Adobe Commerce | Improper Input Validation (CWE-20)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack...
CVE-2024-26759 mm/swap: fix race when skipping swapcache
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWPSYNCHRONOUSIO, if two or more threads swapin the same entry at the same time, they get different pages A, B. Before one thread T0 finishes the swapin and...
CVE-2024-24506
Cross Site Scripting XSS vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function...
CVE-2024-29276
An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component...
CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOMCACHE component...
CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...
CVE-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...
CVE-2024-22100 MicroDicom DICOM Heap-based Buffer Overflow
MicroDicom DICOM Viewer versions 2023.3 Build 9342 and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability...
CVE-2024-1346 Weak MySQL database root password in LaborOfficeFree
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants...