364911 matches found
CVE-2026-4193 D-Link DIR-823G goahead UpdateClientInfo access control
A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
CVE-2026-0641 TOTOLINK WA300 cstecgi.cgi sub_401510 command injection
A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-66433
HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...
CVE-2025-57350
The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...
CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
CVE-2025-47949 samlify SAML Signature Wrapping attack
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...
CVE-2025-4844 FreeFloat FTP Server CD Command buffer overflow
A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...
CVE-2025-0072 Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Drive...
CVE-2025-4182 PCMan FTP Server BELL Command buffer overflow
A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component BELL Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...
CVE-2025-24336
SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...
CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2024-11993
Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...
CVE-2024-52424 WordPress wp-login customizer plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through = 1.0...
CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...
CVE-2022-31669 Harbor fails to validate the user permissions when updating tag immutability policies
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...
CVE-2024-4741 Use After Free with SSL_free_buffers
Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...
CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
CVE-2024-48913 Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery CSRF middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. Th...
CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage
In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...
CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
CVE-2024-42476 oauth CSRF vulnerability
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...
CVE-2024-39397 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file whic...
CVE-2024-4350 Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...
CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...
CVE-2024-21140
...
CVE-2024-6325 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by...
CVE-2024-39914 FOG has a command injection in /fog/management/export.php?filename=
FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...
CVE-2024-37324 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
...
CVE-2024-23562 HCL Domino is susceptible to an information disclosure vulnerability
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system...
CVE-2024-39864 Apache CloudStack: Integration API service uses dynamic port when disabled
The CloudStack integration API service allows running its unauthenticated API server usually on port 8096 when configured and enabled via integration.api.port global setting for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is...
CVE-2024-39324 aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...
CVE-2024-23380 Use After Free in Graphics
Memory corruption while handling user packets during VBO bind operation...
CVE-2024-38359 Lightning Network Daemon Onion Bomb
The Lightning Network Daemon lnd - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version v0.17.0 to be...
CVE-2024-37158 Evmos is missing precompile checks
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...
CVE-2024-30052 Visual Studio Remote Code Execution Vulnerability
...
CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2024-4581 Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes ...
CVE-2024-36950 firewire: ohci: mask bus reset interrupts between ISR and bottom half
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until busresetwork has serviced and cleared the...
CVE-2024-36928 s390/qeth: Fix kernel panic after setting hsuid
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...
CVE-2024-29850
Veeam Backup Enterprise Manager allows account takeover via NTLM relay...
CVE-2021-47401 ipack: ipoctal: fix stack information leak
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space or triggering an oops. Driver...
CVE-2024-33644 WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9...
CVE-2024-25743
In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES...