CVE / JVNDB Latest 100

ID   Published   Description   Severity   Score
CVE-2025-7195
2025-12-27 07:08:36 UTC

Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

MEDIUM
5.2
CVE-2025-59946
2025-12-27 00:40:51 UTC

NanoMQ has a Use After Free vulnerability via sub info list

HIGH
7.5
CVE-2025-68952
2025-12-27 00:37:09 UTC

1-click Remote Code Execution (RCE) vulnerability in Eigent

CRITICAL
9.3
CVE-2025-68948
2025-12-27 00:21:32 UTC

SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret

MEDIUM
6.9
CVE-2025-68927
2025-12-27 00:04:50 UTC

Improper Neutralization of HTML Tags in a Web Page in libredesk

HIGH
7.3
CVE-2025-68474
2025-12-26 23:57:55 UTC

ESP-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling

MEDIUM
6.1
CVE-2025-68473
2025-12-26 23:54:48 UTC

ESP-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

NONE
0.0
CVE-2025-68148
2025-12-26 23:46:53 UTC

FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After

MEDIUM
4.3
CVE-2025-68932
2025-12-26 23:43:35 UTC

FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

LOW
2.9
CVE-2025-66203
2025-12-26 23:37:04 UTC

StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

CRITICAL
10.0
CVE-2025-68697
2025-12-26 22:12:05 UTC

Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

HIGH
7.1
CVE-2025-67729
2025-12-26 22:10:55 UTC

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

HIGH
8.8
CVE-2025-68668
2025-12-26 21:59:34 UTC

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

CRITICAL
9.9
CVE-2025-61914
2025-12-26 21:59:25 UTC

n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

HIGH
7.3
CVE-2025-64481
2025-12-26 21:51:26 UTC

Open redirect endpoint in Datasette

LOW
2.7
CVE-2018-25153
2025-12-26 21:03:35 UTC

GNU Barcode 0.99 Memory Leak Vulnerability in Command Line Processing

MEDIUM
6.9
CVE-2025-68667
2025-12-26 20:49:02 UTC

Conduit-derived homeservers are affected by a Confused Deputy and Improper Input Validation issue

CRITICAL
9.9
CVE-2025-14488
2025-12-26 19:37:25 UTC

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

HIGH
7.8
CVE-2025-14497
2025-12-26 19:37:09 UTC

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

HIGH
7.8
CVE-2025-14495
2025-12-26 19:36:35 UTC

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

HIGH
7.8
CVE-2025-14493
2025-12-26 19:36:15 UTC

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

HIGH
7.8
CVE-2025-14496
2025-12-26 19:35:58 UTC

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

HIGH
7.8
CVE-2025-14492
2025-12-26 19:35:40 UTC

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

HIGH
7.8
CVE-2025-14932
2025-12-26 19:34:15 UTC

NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability

HIGH
7.8
CVE-2025-14933
2025-12-26 19:33:59 UTC

NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability

HIGH
7.8
CVE-2025-14934
2025-12-26 19:33:30 UTC

NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability

HIGH
7.8
CVE-2025-15094
2025-12-26 19:32:41 UTC

sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting

MEDIUM
5.3
CVE-2025-15095
2025-12-26 19:32:01 UTC

postmanlabs httpbin core.py cross site scripting

MEDIUM
5.1
CVE-2025-68941
2025-12-26 19:31:33 UTC

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

MEDIUM
4.9
CVE-2025-15097
2025-12-26 19:30:52 UTC

Alteryx Server status improper authentication

MEDIUM
6.9
CVE-2025-68942
2025-12-26 19:30:04 UTC

Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

MEDIUM
5.4
CVE-2025-15098
2025-12-26 19:29:30 UTC

YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery

MEDIUM
5.3
CVE-2025-68943
2025-12-26 19:28:57 UTC

Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

MEDIUM
5.3
CVE-2025-68944
2025-12-26 19:28:24 UTC

Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

MEDIUM
5.0
CVE-2025-52601
2025-12-26 19:27:45 UTC

Hardcoding sensitive information

MEDIUM
6.3
CVE-2025-13158
2025-12-26 19:26:13 UTC

apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

CRITICAL
9.3
CVE-2025-68946
2025-12-26 18:59:46 UTC

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

MEDIUM
5.4
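
The Gitea entry above is the classic link-scheme problem: a Markdown or HTML renderer that lets an `href` start with `javascript:` hands the attacker a script-running link. The block below is an added illustration of a scheme allow-list for link targets, not Gitea's own code; the allowed-scheme set and the helper names are assumptions for the example. It also shows why the usual deny-list (`startswith("javascript:")`) is not enough: browsers decode character references, trim C0 controls and spaces, and delete tabs and newlines before they read the scheme, so the check has to do the same first.

```python
import html
import re

# Added illustration of a scheme allow-list for link hrefs; not Gitea's own
# code. The allow-list below is an assumption for the example.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ":"
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# NUL through US, plus space: what the WHATWG URL parser trims from both ends.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def canonical_href(raw: str) -> str:
    """Undo the disguises a browser undoes before it reads the scheme.

    1. decode HTML character references, since an attribute written as
       'javascript&colon;alert(1)' is a javascript: URL once parsed;
    2. strip leading and trailing C0 controls and spaces;
    3. delete tab, LF and CR anywhere in the string.
    """
    href = html.unescape(raw)
    href = href.strip(_C0_AND_SPACE)
    return href.replace("\t", "").replace("\n", "").replace("\r", "")


def is_allowed_href(raw: str) -> bool:
    """True for relative links and for absolute links on an allowed scheme."""
    href = canonical_href(raw)
    match = _SCHEME_RE.match(href)
    if match is None:
        # No scheme at all: relative, fragment-only or protocol-relative link.
        return True
    return match.group(1).lower() in ALLOWED_SCHEMES


def weak_check(raw: str) -> bool:
    """The pattern to avoid: a case-folded deny-list on the raw string.

    It lets through leading whitespace, embedded tabs, entity-encoded
    colons and every scheme the author did not think of (data:, vbscript:).
    """
    return not raw.lower().startswith("javascript:")
```

Run against the constructed inputs in the test, `weak_check` accepts `java\tscript:alert(1)` while `is_allowed_href` rejects it, and the allow-list also refuses `data:` and `vbscript:` without anyone having to enumerate them.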
CVE-2025-68945
2025-12-26 18:59:30 UTC

In Gitea before 1.21.2, an anonymous user can visit a private user's project.

MEDIUM
5.8
CVE-2025-68940
2025-12-26 18:57:57 UTC

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

LOW
3.1
CVE-2025-68939
2025-12-26 18:57:27 UTC

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

HIGH
8.2
CVE-2025-68938
2025-12-26 18:53:35 UTC

Gitea before 1.25.2 mishandles authorization for deletion of releases.

MEDIUM
4.3
CVE-2024-44065
2025-12-26 18:35:58 UTC

Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.

CRITICAL
9.8
CVE-2025-24148
2025-12-26 16:48:51 UTC

This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks.

MEDIUM
5.5
CVE-2025-43296
2025-12-26 16:44:13 UTC

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.

MEDIUM
5.5
CVE-2025-43348
2025-12-26 16:42:25 UTC

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may bypass Gatekeeper checks.

MEDIUM
5.5
CVE-2025-46291
2025-12-26 16:41:07 UTC

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.

MEDIUM
5.5
CVE-2024-42718
2025-12-26 16:40:08 UTC

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.

HIGH
7.5
CVE-2025-66737
2025-12-26 16:39:11 UTC

Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote attacker with normal privileges can read arbitrary files via a crafted request to the result read function of the diagnostic component.

MEDIUM
6.5
CVE-2025-15082
2025-12-26 16:37:54 UTC

TOZED ZLT M30s Web Management proc_post information disclosure

MEDIUM
6.9
CVE-2025-15081
2025-12-26 16:37:10 UTC

JD Cloud BE6500 jdcapi sub_4780 command injection

MEDIUM
5.3
CVE-2025-2405
2025-12-26 16:36:33 UTC

XSS in Verisay Communication's Titarus

HIGH
7.6
CVE-2025-15073
2025-12-26 16:35:30 UTC

itsourcecode Online Frozen Foods Ordering System contact_us.php sql injection

MEDIUM
6.9
CVE-2025-15074
2025-12-26 16:34:54 UTC

itsourcecode Online Frozen Foods Ordering System customer_details.php sql injection

MEDIUM
6.9
CVE-2025-15075
2025-12-26 16:34:22 UTC

itsourcecode Student Management System student_p.php sql injection

MEDIUM
6.9
CVE-2025-15076
2025-12-26 16:33:52 UTC

Tenda CH22 public path traversal

MEDIUM
6.9
CVE-2025-65885
2025-12-26 16:33:12 UTC

An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory.

MEDIUM
5.1
CVE-2025-67349
2025-12-26 16:31:58 UTC

A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the <head> section, allowing remote attackers to inject arbitrary script tags.

MEDIUM
6.1
CVE-2025-66947
2025-12-26 16:31:09 UTC

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module.

MEDIUM
6.5
CVE-2025-25341
2025-12-26 16:30:16 UTC

A vulnerability exists in libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).

HIGH
7.5
CVE-2025-67013
2025-12-26 16:29:16 UTC

The web management interface in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.

MEDIUM
6.5
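
The DEXTRA advisory names the two defences that are missing: a synchronizer token and Origin/Referer validation. The block below is an added illustration of both, written as one decision function for state-changing requests; it is not code from the DEXTRA firmware, and the host name `dextra.example` used in the test is an assumption for the example.

```python
import hmac
from typing import Dict, Iterable, Optional, Tuple
from urllib.parse import urlsplit

# Added illustration, not code from the DEXTRA firmware: the Origin/Referer
# check and the per-session token the advisory says are absent, combined
# into one decision for requests that change configuration.

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url: str) -> Optional[str]:
    """scheme://host[:port] of an absolute URL, lower-cased; None if not absolute."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def csrf_allowed(
    method: str,
    headers: Dict[str, str],
    allowed_origins: Iterable[str],
    session_token: Optional[str] = None,
    submitted_token: Optional[str] = None,
) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request against a configuration endpoint.

    Order of checks:
      * safe methods never change state, so they pass;
      * Origin must be present (falling back to the Referer's origin) and must
        be one of the site's own origins; a missing header and 'null' both
        fail closed;
      * when the endpoint also uses a synchronizer token, the submitted token
        must equal the session's token under a constant-time comparison.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"

    lowered = {k.lower(): v for k, v in headers.items()}
    origin = lowered.get("origin")
    if origin is None and "referer" in lowered:
        origin = origin_of(lowered["referer"])
    if origin is None:
        return False, "state-changing request without Origin or Referer"

    allowed = {o.lower() for o in allowed_origins}
    if origin.lower() not in allowed:
        return False, f"origin {origin!r} is not this site"

    if session_token is not None:
        if submitted_token is None or not hmac.compare_digest(session_token, submitted_token):
            return False, "CSRF token missing or mismatched"

    return True, "ok"
```

A browser attaches `Origin` to every cross-site POST, so a forged form submission from an attacker's page carries the attacker's origin and fails the second check; the token check is what protects clients that send neither header (strict referrer policies strip `Referer`), and the two together are the usual recommendation for a device whose interface is reached from a workstation that also browses the open web.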
CVE-2025-67015
2025-12-26 16:28:22 UTC

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.

HIGH
7.5
CVE-2025-67014
2025-12-26 16:27:18 UTC

Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.

HIGH
7.5
CVE-2024-29720
2025-12-26 16:26:05 UTC

An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function.

MEDIUM
6.2
CVE-2025-57403
2025-12-26 16:24:39 UTC

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. Because os.path.join discards the base path when a later component is absolute and does not normalize '..' segments, this allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.

HIGH
7.5
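
Both failure modes named in the Cola Dnslog entry come from the same call. The block below is an added illustration, not Cola Dnslog's code: the weak join beside a containment check that rejects absolute names and names that normalise to somewhere outside the base. `BASE_DIR` and the file names in the test are assumptions for the example.

```python
import posixpath

# Added illustration, not Cola Dnslog's code. BASE_DIR is an assumed
# directory from which a lookup service reads result files by name.
BASE_DIR = "/srv/dnslog/data"


def unsafe_path(requested: str, base: str = BASE_DIR) -> str:
    """The weak pattern: join the client-controlled value straight onto base.

    posixpath.join (os.path.join on POSIX) throws away every earlier
    component when a later one is absolute, and it never collapses '..',
    so '/etc/passwd' and '../../etc/passwd' both leave base.
    """
    return posixpath.join(base, requested)


def safe_path(requested: str, base: str = BASE_DIR) -> str:
    """Resolve requested under base, refusing anything that escapes.

    The containment test uses commonpath rather than startswith, so a
    sibling such as '/srv/dnslog/data_old' is not mistaken for a child of
    '/srv/dnslog/data'. This is a lexical check: if the tree may contain
    symlinks, repeat the comparison on os.path.realpath of the result.
    """
    if not requested or "\x00" in requested or posixpath.isabs(requested):
        raise ValueError(f"refusing empty, NUL-containing or absolute name: {requested!r}")
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, requested))
    if posixpath.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError(f"name escapes base directory: {requested!r}")
    return candidate


def escapes_base(requested: str, base: str = BASE_DIR) -> bool:
    """True when safe_path would reject the name."""
    try:
        safe_path(requested, base)
    except ValueError:
        return True
    return False
```

The example uses `posixpath` explicitly so the behaviour is the same on every platform; on a POSIX host `os.path` is the same module. The rejection of absolute input up front is what closes the "absolute path injection" half of the advisory; the `commonpath` test after normalisation closes the traversal half.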
CVE-2025-66738
2025-12-26 16:23:22 UTC

An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote attacker with normal privileges to execute arbitrary code via a crafted request to the ping function of the diagnostic component.

MEDIUM
6.5
CVE-2025-14935
2025-12-26 16:10:30 UTC

NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability

HIGH
7.8
CVE-2025-14936
2025-12-26 16:09:48 UTC

NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability

HIGH
7.8
CVE-2025-14925
2025-12-26 16:09:09 UTC

Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability

HIGH
7.8
CVE-2025-14922
2025-12-26 16:08:36 UTC

Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability

HIGH
7.8
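
The lmdeploy, Accelerate and Diffusers entries above are the same bug class: a checkpoint or weights file is loaded through pickle, and pickle's REDUCE opcode lets the file name any importable callable to run during loading. The block below is an added illustration of that class, not code from any of those projects. The payload is deliberately harmless (it sets an environment variable named `PICKLE_DEMO`, a name chosen for this example, where a real one would call `os.system`), and the allow-list in the restricted unpickler is a placeholder.

```python
import io
import os
import pickle

# Added illustration of the bug class, not code from lmdeploy, Accelerate
# or Diffusers. The payload's side effect is deliberately harmless: it sets
# the environment variable PICKLE_DEMO (a name chosen for this example)
# where a real payload would run os.system or fetch a second stage.
MARKER = "PICKLE_DEMO"


class Payload:
    """__reduce__ tells the unpickler: to rebuild this object, call
    builtins.exec(<source>). The call happens during loading, before the
    caller sees any return value, so a weights file is a program, not data.
    """

    def __reduce__(self):
        return (exec, (f"import os; os.environ[{MARKER!r}] = 'pwned'",))


def build_payload() -> bytes:
    """Serialise the payload; this is what an attacker uploads as a checkpoint."""
    return pickle.dumps(Payload(), protocol=4)


def unsafe_load(blob: bytes):
    """What a bare pickle.load() (or torch.load() without weights_only=True)
    does with a file of unknown origin."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; anything else aborts the load.

    The allow-list is a placeholder for the example. A real weights loader
    would list exactly the reconstruction functions its format needs and
    nothing that can execute code or touch the filesystem.
    """

    ALLOWED = {
        ("builtins", "dict"),
        ("builtins", "list"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    """Load the constructed payload both ways and report what each did."""
    blob = build_payload()

    os.environ.pop(MARKER, None)
    unsafe_load(blob)
    ran = os.environ.get(MARKER) == "pwned"

    os.environ.pop(MARKER, None)
    try:
        safe_load(blob)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True

    return {
        "unsafe_ran_payload": ran,
        "restricted_blocked": blocked,
        "marker_after_restricted": os.environ.get(MARKER),
        # a plain dict needs no GLOBAL opcode, so the restricted loader accepts it
        "benign_dict_still_loads": safe_load(pickle.dumps({"lr": 0.01})) == {"lr": 0.01},
    }


if __name__ == "__main__":
    print(demo())
```

`find_class` is called when the unpickler meets a GLOBAL or STACK_GLOBAL opcode, which is before the REDUCE that would invoke the callable, so the restricted loader stops the payload without executing any of it. For PyTorch checkpoints the library-provided equivalent is `torch.load(path, weights_only=True)`, which installs the same kind of restricted unpickler; a format that never goes through pickle at all, such as safetensors, removes the question entirely.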
CVE-2025-8075
2025-12-26 16:01:17 UTC

Improper Input Validation

MEDIUM
5.8
CVE-2025-62578
2025-12-26 15:53:18 UTC

DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

HIGH
7.2
CVE-2025-59887
2025-12-26 15:45:29 UTC

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of EUC, which is available on the Eaton download center.

HIGH
8.6
CVE-2025-59888
2025-12-26 15:37:43 UTC

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the file system. This security issue has been fixed in the latest version of EUC, which is available on the Eaton download center.

MEDIUM
6.7
CVE-2025-52598
2025-12-26 15:15:23 UTC

Insufficient certificate validation

MEDIUM
6.3
CVE-2025-52599
2025-12-26 15:15:17 UTC

Inadequate account permissions management

MEDIUM
6.3
CVE-2025-36192
2025-12-26 15:15:12 UTC

Missing Authorization with the DS8900F and DS8A00 Hardware Management Console

MEDIUM
6.7
CVE-2025-36228
2025-12-26 15:15:06 UTC

Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

LOW
3.8
CVE-2025-36229
2025-12-26 15:14:58 UTC

Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex

LOW
3.1
CVE-2025-36230
2025-12-26 15:14:53 UTC

XSS in IBM Aspera Faspex

MEDIUM
5.4
CVE-2025-64645
2025-12-26 15:14:48 UTC

Time-of-check Time-of-use (TOCTOU) in IBM Concert Software.

HIGH
7.7
CVE-2025-15091
2025-12-26 15:07:09 UTC

UTT 进取 512W formPictureUrl strcpy buffer overflow

HIGH
8.7
CVE-2025-15092
2025-12-26 15:06:19 UTC

UTT 进取 512W ConfigExceptMSN strcpy buffer overflow

HIGH
8.7
CVE-2025-15093
2025-12-26 15:05:12 UTC

sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting

MEDIUM
5.3
CVE-2025-15099
2025-12-26 15:04:35 UTC

simstudioai sim CRON Secret internal.ts improper authentication

MEDIUM
6.9
CVE-2025-67450
2025-12-26 14:55:52 UTC

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could achieve arbitrary code execution. This security issue has been fixed in the latest version of EUC, which is available on the Eaton download center.

HIGH
7.8
CVE-2025-68922
2025-12-26 14:52:37 UTC

OpenOps before 0.6.11 allows remote code execution in the Terraform block.

HIGH
7.4
CVE-2025-32095
2025-12-26 14:52:31 UTC

Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.

HIGH
7.5
CVE-2025-32096
2025-12-26 14:52:26 UTC

Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.

HIGH
7.5
CVE-2025-49088
2025-12-26 14:52:21 UTC

Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

MEDIUM
5.9
CVE-2025-66379
2025-12-26 14:52:15 UTC

Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.

HIGH
7.5
CVE-2025-66443
2025-12-26 14:52:10 UTC

Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.

HIGH
7.5
CVE-2025-48704
2025-12-26 14:52:04 UTC

Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.

HIGH
7.5
CVE-2025-59683
2025-12-26 14:51:57 UTC

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.

HIGH
8.2
CVE-2025-66377
2025-12-26 14:51:52 UTC

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.

HIGH
7.5
CVE-2025-66378
2025-12-26 14:51:46 UTC

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.

MEDIUM
5.9
CVE-2025-2406
2025-12-26 14:51:40 UTC

XSS in Verisay Communication's Trizbi

HIGH
7.6
CVE-2025-2307
2025-12-26 14:51:35 UTC

XSS in Verisay Communication's Aidango

HIGH
7.6
CVE-2025-68935
2025-12-26 14:51:30 UTC

ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.

MEDIUM
6.4
CVE-2025-68936
2025-12-26 14:51:24 UTC

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.

MEDIUM
6.4
CVE-2025-14913
2025-12-26 14:51:19 UTC

Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion

MEDIUM
5.3