355988 matches found
CVE-2026-33245
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-1829
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2026-10702
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...
CVE-2026-10701
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3...
CVE-2026-28299
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory...
CVE-2026-10617
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10616
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...
CVE-2026-10608
A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...
CVE-2026-10607
A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-64390
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...
CVE-2026-10584
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...
CVE-2021-4478
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...
CVE-2021-4479
Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload th...
CVE-2019-25722
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
CVE-2019-25724
Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manu...
CVE-2019-25723
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
CVE-2019-25721
Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...
CVE-2026-49943
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...
CVE-2026-42074
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM an untrusted principal per the project's own threat model can set ...
CVE-2026-42073
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter...
CVE-2026-40713
Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure...
CVE-2026-40571
NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...
CVE-2026-40715
Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation...
CVE-2026-40314
NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...
CVE-2026-35447
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...
CVE-2026-35443
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...
CVE-2026-33244
React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...
CVE-2026-24221
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure...
CVE-2026-24237
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
CVE-2026-10606
A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...
CVE-2026-1871
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...
CVE-2026-0611
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...
CVE-2024-42206
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2026-9590
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
CVE-2026-9522
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...
CVE-2026-7299
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...
CVE-2026-49754
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
CVE-2026-49753
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...
CVE-2026-48861
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...
CVE-2026-48862
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...
CVE-2026-45685
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...
CVE-2026-45683
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kerne...
CVE-2026-45686
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...
CVE-2026-47117
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...
CVE-2026-45684
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...
CVE-2026-45679
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...
CVE-2026-45682
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...
CVE-2026-45678
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...
CVE-2026-45681
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...