68528 matches found
CVE-2025-58052
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...
CVE-2025-58053
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-53922
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...
CVE-2025-50681
igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service application crash via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recvigmp function in src/igmpproxy.c, an invalid group record type can...
CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...
CVE-2025-14847
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
CVE-2025-68390
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation CAPEC-130 of memory and a denial of service DoS via crafted HTTP request...
CVE-2025-68384
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...
CVE-2025-34450
merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...
CVE-2025-34449
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the scdevicemsgdeserialize function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-servic...
CVE-2025-34451
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxyfromstring located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password...
CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
CVE-2025-59529
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
CVE-2023-53943
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...
CVE-2025-68469
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...
CVE-2025-68325
In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...
CVE-2025-68323
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec-work The delayed work uec-work is scheduled in gaokunucsiprobe but never properly canceled in gaokunucsiremove. This creates use-after-free scenarios where the ucsi and gaokunucs...
CVE-2025-68324
In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq' is initialized in immattach and scheduled via immqueuecommand for processing SCSI commands. When the IMM parallel port SCSI host...
CVE-2025-14861
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...
CVE-2025-14744
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...
CVE-2025-14860
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...
CVE-2025-63757
Integer overflow vulnerability in the yuv2ya16Xctemplate function in libswscale/output.c in FFmpeg 8.0...
CVE-2025-65000
SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...
CVE-2025-64997
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...
CVE-2025-14874
A flaw was found in Nodemailer. This vulnerability allows a denial of service DoS via a crafted email address header that triggers infinite recursion in the address parser...
CVE-2025-68463
Bio.Entrez in Biopython through 186 allows doctype XXE...
CVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
CVE-2025-68460
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer...
CVE-2025-68461
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...
CVE-2025-14841
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...
CVE-2025-68118
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function freerdpcertificatedatahash uses the Microsoft-specific snprintf function to format certificate cache filenames...
CVE-2025-67873
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...
CVE-2025-68114
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit...
CVE-2025-43501
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43535
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43541
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash...
CVE-2025-43529
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...
CVE-2025-43536
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43531
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-53000
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...
CVE-2025-14761
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...
CVE-2025-14762
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
CVE-2025-64520
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...
CVE-2025-53619
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function nullconvert is called based of...
CVE-2025-52582
An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...
CVE-2025-48429
An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2025-68146
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...