22103 matches found
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
...
Hercules Augeas fa.c re_case_expand null pointer dereference
...
RabbitMQ has XSS Vulnerability in an Error Message in Management UI
...
cifs.upcall makes an upcall to the wrong namespace in containerized environments
...
Chromium: CVE-2025-3074 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3073 Inappropriate implementation in Autofill
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3071 Inappropriate implementation in Navigations
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3069 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3068 Inappropriate implementation in Intents
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3066 Use after free in Site Isolation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge Chromium-based allows an authorized attacker to execute code over a network...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
Microsoft Edge for iOS Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
Microsoft Edge for iOS Spoofing Vulnerability
User interface ui misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network...
jwt-go allows excessive memory allocation during header parsing
...
Stream HTTP wrapper truncates redirect location to 1024 bytes
...
Streams HTTP wrapper does not fail for headers with invalid name and no colon
...
Arbitrary File Overwrite in onnx/onnx
...
Stream HTTP wrapper header check might omit basic auth header
...
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
...
libxml streams use wrong content-type header when requesting a redirected resource
...
Header parser of http stream wrapper does not handle folded headers
...
CVE-2024-31745
...
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
...
Azure Health Bot Elevation of Privilege Vulnerability
An authenticated attacker can exploit an Server-Side Request Forgery SSRF vulnerability in Microsoft Azure Health Bot to elevate privileges over a network...
Azure Playwright Elevation of Privilege Vulnerability
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network...
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.
...
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
...
Memory Exhaustion in Expr Parser with Unrestricted Input
...
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.
...
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
...
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
...
Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Qemu: vnc: null pointer dereference in qemu_clipboard_request()
...
Qemu: improper ide controller reset can lead to mbr overwrite
...
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
...
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
...
Vim vulnerable to potential data loss with zip.vim and special crafted zip files
...
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
...
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
...
Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos
...
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue
...
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...