365256 matches found
CVE-2023-54342 Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...
CVE-2025-13618 Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoringprocessregistration function. This makes it possible for unauthenticated...
CVE-2026-6701 addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-7784 RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
CVE-2026-7741 CodeAstro Online Classroom studentlogin sql injection
A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...
CVE-2026-7724 PrefectHQ prefect Webhook/Notification validate_restricted_url toctou
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...
CVE-2026-21728 Tempo query limit results in unbounded memory allocation
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...
CVE-2026-31018
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
CVE-2026-4197 D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...
CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The...
CVE-2026-2413 Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...
CVE-2026-28512 Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirecturi values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...
CVE-2025-69651
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...
CVE-2025-13079 Popup Builder - Create highly converting, mobile friendly marketing popups. <= 4.4.2 - Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it...
CVE-2026-24733 Apache Tomcat: Security constraint bypass with HTTP/0.9
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...
CVE-2026-1750 Ecwid by Lightspeed Ecommerce Shopping Cart <= 7.0.7 - Authenticated (Subscriber+) Privilege Escalation via ec_store_admin_access
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'savecustomuserprofilefields' function. This makes it possible for authenticated attackers, with...
CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting
A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...
CVE-2025-57793 SQL Injection Vulnerability in Explorance Blue
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...
CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...
CVE-2025-71150 ksmbd: Fix refcount leak when invalid session is found on session lookup
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2022-50912 ImpressCMS 1.4.4 - Unrestricted File Upload
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the serv...
CVE-2025-10881 CATPRODUCT File Parsing Heap-Based Overflow Vulnerability
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2025-40252 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()
In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend The loops in 'qedetpacont' and 'qedetpaend', iterate over 'cqe-lenlist' using only a zero-length terminator as the stopping condition. If the...
CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...
CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptpocpwatchdog The ptpocpdetach only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timerdeletesync is not called. This leads to...
CVE-2025-9708 Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks
A vulnerability exists in the Kubernetes C client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority CA without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...
CVE-2025-53857 Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...
CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
CVE-2025-53021
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the...
CVE-2025-35036 hibernate-validator insecure default Expression Language interpolation
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
CVE-2025-5262
A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 139 and Thunderbird 128.11...
CVE-2025-4603 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files...
CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-4251 PCMan FTP Server RMDIR Command buffer overflow
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2023-53088 mptcp: fix UaF in listener shutdown
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...
CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...
CVE-2025-30390 Azure ML Compute Elevation of Privilege Vulnerability
...
CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
CVE-2025-31680 Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008
Cross-Site Request Forgery CSRF vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0...
CVE-2024-39365
Uncontrolled search path for the FPGA Support Package for the IntelR oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-22716 WordPress Taskbuilder Plugin <= 3.0.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in taskbuilder Taskbuilder taskbuilder allows SQL Injection.This issue affects Taskbuilder: from n/a through = 3.0.6...
CVE-2025-23184 Apache CXF: Denial of Service vulnerability with temporary files
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system it applies to servers and clients...
CVE-2024-54794
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution...
CVE-2025-22130 Soft Serve allows path traversal attacks
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without...
CVE-2024-12344 TP-Link VN020 F3v(T) FTP USER Command memory corruption
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3vT TTV6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
CVE-2024-38828 CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter
Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack...
CVE-2024-33033 Use After Free in ComputerVision
Memory corruption while processing IOCTL calls to unmap the buffers...