6578 matches found
MongoDB -- Malformed wire protocol messages may cause mongos to crash
[email protected] reports: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and MongoDB v7...
electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-2783...
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting XSS through merge-request error messages Cross-site Scripting XSS through improper rendering of certain file types Admin Privileges Persists After Role is Revoked External user can access internal projects Prompt injection in Amazon Q integration may allow...
py-matrix-synapse -- federation denial of service via malformed events
element-hq/synapse developers report: A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild...
openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2
Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a...
Grafana -- Authorization bypass in data source proxy API
Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, effects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character / in the URL path. Among Grafana-maintained data...
electron{33,34} -- Type Confusion in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-1920...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 401029609 Critical CVE-2025-2476: Use after free in Lens. Reported by SungKwon Lee of Enki Whitehat on 2025-03-05...
Grafana -- DOM XSS vulnerability
Grafana Labs reports: An external security researcher responsibly reported a security vulnerability in Grafana’s built-in XY chart plugin that is vulnerable to a DOM XSS vulnerability. The CVSS score for this vulnerability is 6.8 MEDIUM...
expat: improper restriction of xml entity expansion depth
[email protected] reports: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 Reference counting in phprequestshutdown causes Use-After-Free. CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc libxml streams use wrong content-type header when requesting a redirected resource. CVE-2025-1736: Streams: Fixed...
shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages
The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which corrects a parameter manipulation vulnerability when using SAML bindings that rely on non-XML signatures. The Shibboleth Service Provider is impacted by this issue, and it manifests as a critical...
libxslt -- multiple vulnerabilities
CVE-2024-55549 Fix UAF related to excluded namespaces xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2025-24855 Fix use-after-free of XPath context node numbers.c in libxslt before 1.1.43 has a use-after-free because , in...
gitea -- Multiple vulnerabilities
[email protected] reports: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. go-redis ...
vim -- potential data loss with zip.vim and specially crafted zip files
Vim reports: See https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf...
suricata -- Multiple vulnerabilities
Suricate team reports: Multiple vulnerabilities CVE-2025-29915: Severity HIGH. The AFPACKET defrag option is enabled by default and allows AFPACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which...
Gitlab -- Vulnerabilities
Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml CVE-2025-27407 third party gem graphql Denial of Service Due to Inefficient Processing of Untrusted Input Credentials disclosed when repository mirroring fails Denial of Service Vulnerability in GitLab Approval Rules due ...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 398065918 High CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o. on 2025-02-21 400052777 High CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2025-03-02 401059730 High CVE-TBD: Out of bounds...
electron33 -- multiple vulnerabilities
Electron develpers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0445. Security: backported fix for CVE-2025-0995. Security: backported fix for CVE-2025-0998...
Jinja2 -- Sandbox breakout through attr filter selecting format method
[email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3495 / CVE-2025-27622 Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission Description Medium SECURITY-3496 / CVE-2025-27623 Encrypted values of secrets stored in view configuration...
mozilla -- memory corruption
[email protected] reports: Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
libreoffice -- Macro URL arbitrary script execution
[email protected] reports: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 14 security fixes: 397731718 High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao @Kipreyyy and Nan Wang @eternalsakura13 on 2025-02-20 391114799 Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in...
mozilla -- 64 bit JIT WASM read on left over memory
[email protected] reports: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...
mozilla -- memory corruption
[email protected] reports: CVE-2025-1938: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...
mozilla -- multiple vulnerabilities
[email protected] reports: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Under certain...
mozilla -- use-after-free in WebTransport connection
[email protected] reports: It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash...
vim -- Improper Input Validation in Vim
[email protected] reports: Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not...
electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0445. Security: backported fix for CVE-2025-0998...
unit -- potential security issue
The NGINX Unit team reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. It addresses a potential security issue where we could get a negative payload length that could cause the Java language module processes to enter an infinite loop and consume excess CPU. This was...
vim -- Potential code execution
vim reports: Summary Potential code execution with tar.vim and special crafted tar files Description Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Since commit 129a844 Nov 11, 2024 runtimetar: Update tar.vim to support...
Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
[email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw-----...
php -- Multiple vulnerabilities
php.net reports: CVE-2025-1735: pgsql extension does not check for errors during escaping CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-1220: Null byte termination in hostnames...
electron{32,33} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0611. Security: backported fix for CVE-2025-0612. Security: backported fix for CVE-2025-0999...
Gitlab -- Vulnerabilities
Gitlab reports: XSS in k8s proxy endpoint XSS Maven Dependency Proxy HTML injection leads to XSS on self hosted instances Improper Authorisation Check Allows Guest User to Read Security Policy Planner role can read code review analytics in private projects...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2025-26594: Use-after-free of the root cursor The root cursor is referenced in the xserver as a global variable. If a client manages to free the root cursor, the internal reference points to freed memory and causes a use-after-free. CVE-2025-26595: Buffer overflow i...
glpi-project -- GLPI multiple vulnerabilities
[email protected] reports: CVE-2024-11955: A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The...
Navidrome -- Authentication bypass in Subsonic API
Deluan reports: In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error...
exim -- SQL injection
[email protected] reports: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...
FreeBSD -- Multiple vulnerabilities in OpenSSH
Problem Description: OpenSSH client host verification error CVE-2025-26465 ssh1 contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled. OpenSSH server denial of service CVE-2025-26466 The OpenSSH clien...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 11 security bugs in Chromium: CVE-2024-11477: 7-Zip Zstd decompression integer underflow CVE-2025-0762: Use after free in DevTools CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0998: Out of bounds memory access in V8...
cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability
Cisco reports: A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set SPS memory allocation and a subsequent non Instantaneous...
libxml2 -- Stack-based Buffer Overflow
[email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...
exiv2 -- Use after free in TiffSubIfd
Kevin Backhouse reports: A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflo...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 394350433 High CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee @0x10n on 2025-02-04 383465163 High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable and GF on 2024-12-11 390590778 Medium...
libxml2 -- Use After Free
[email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a craft...
caldera -- Remote Code Execution
MITRE Caldera contributor report: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution RCE vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is...