| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24194 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data… | ||
| CVE-2026-24193 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code… | ||
| CVE-2026-24192 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges,… | ||
| CVE-2026-24191 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code… | ||
| CVE-2026-24190 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure,… | ||
| CVE-2026-24187 | Hig | 0.57 | 8.8 | 0.00 | May 26, 2026 | NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. | ||
| CVE-2026-9562 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely.… | ||
| CVE-2026-8850 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. | ||
| CVE-2026-48901 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | ||
| CVE-2026-48897 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||
| CVE-2026-48896 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||
| CVE-2026-48864 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a… | ||
| CVE-2026-48697 | Hig | 0.48 | 7.4 | 0.00 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA… | ||
| CVE-2026-48690 | Hig | 0.46 | 7.1 | 0.00 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size +… | ||
| CVE-2026-48126 | Hig | 0.46 | 8.2 | 0.00 | May 26, 2026 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the… | ||
| CVE-2026-45728 | Hig | 0.42 | 7.5 | 0.00 | May 26, 2026 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or… | ||
| CVE-2026-44729 | Hig | 0.50 | 8.7 | 0.00 | May 26, 2026 | Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFolder/:id serve uploaded files using fileStream.pipe(res) without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers.… | ||
| CVE-2026-44680 | Hig | 0.45 | 7.6 | 0.01 | May 26, 2026 | MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path… | ||
| CVE-2026-43982 | Hig | 0.50 | — | 0.00 | May 26, 2026 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn() in lua/upload/upload.go uses filepath.Join() with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp,… | ||
| CVE-2026-43981 | Hig | 0.46 | — | 0.00 | May 26, 2026 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests… | ||
| CVE-2026-40384 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | ||
| CVE-2026-24212 | Hig | 0.49 | 7.5 | 0.01 | May 26, 2026 | NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||
| CVE-2026-24162 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||
| CVE-2026-48692 | Hig | 0.53 | 8.1 | 0.00 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the… | ||
| CVE-2026-48688 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks… | ||
| CVE-2026-43935 | Hig | 0.46 | 8.1 | 0.00 | May 26, 2026 | e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks,… | ||
| CVE-2026-25112 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack. | ||
| CVE-2026-9552 | — | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack… | |
| CVE-2026-9551 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is… | ||
| CVE-2026-9550 | Hig | 0.47 | 7.3 | 0.01 | May 26, 2026 | A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead… | ||
| CVE-2026-46368 | Hig | 0.57 | 8.8 | 0.03 | May 26, 2026 | luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An… | ||
| CVE-2026-45082 | Hig | 0.49 | 7.6 | 0.00 | May 26, 2026 | Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to… | ||
| CVE-2026-42785 | Hig | 0.47 | 7.2 | 0.01 | May 26, 2026 | OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute… | ||
| CVE-2026-42425 | Hig | 0.47 | 7.2 | 0.01 | May 26, 2026 | OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs… | ||
| CVE-2026-40034 | Hig | 0.44 | 7.8 | 0.00 | May 26, 2026 | gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in… | ||
| CVE-2026-40033 | Hig | 0.50 | 8.8 | 0.01 | May 26, 2026 | FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using… | ||
| CVE-2026-9544 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The… | ||
| CVE-2026-48133 | Hig | 0.49 | 7.5 | 0.05 | May 26, 2026 | When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway. | ||
| CVE-2026-48132 | — | Hig | 0.53 | 8.1 | 0.02 | May 26, 2026 | The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary… | |
| CVE-2026-48131 | — | Hig | 0.53 | 8.1 | 0.03 | May 26, 2026 | The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related… | |
| CVE-2025-11482 | — | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service. | |
| CVE-2026-39661 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18. | ||
| CVE-2026-25713 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability | ||
| CVE-2026-25104 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability | ||
| CVE-2026-8047 | — | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device. | |
| CVE-2026-8046 | — | Hig | 0.53 | 8.1 | 0.00 | May 26, 2026 | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges. | |
| CVE-2026-44469 | — | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with… | |
| CVE-2026-44468 | — | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the… | |
| CVE-2026-9496 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and… | ||
| CVE-2026-9495 | Hig | 0.40 | 7.3 | 0.00 | May 26, 2026 | Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed… |
- risk 0.51cvss 7.8epss 0.00
NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data…
- risk 0.51cvss 7.8epss 0.00
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code…
- risk 0.51cvss 7.8epss 0.00
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges,…
- risk 0.51cvss 7.8epss 0.00
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code…
- risk 0.51cvss 7.8epss 0.00
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure,…
- risk 0.57cvss 8.8epss 0.00
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely.…
- risk 0.49cvss 7.5epss 0.00
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.
- risk 0.49cvss 7.5epss 0.00
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
- risk 0.49cvss 7.5epss 0.00
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
- risk 0.49cvss 7.5epss 0.00
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
- risk 0.51cvss 7.8epss 0.00
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a…
- risk 0.48cvss 7.4epss 0.00
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA…
- risk 0.46cvss 7.1epss 0.00
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size +…
- risk 0.46cvss 8.2epss 0.00
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the…
- risk 0.42cvss 7.5epss 0.00
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or…
- risk 0.50cvss 8.7epss 0.00
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFolder/:id serve uploaded files using fileStream.pipe(res) without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers.…
- risk 0.45cvss 7.6epss 0.01
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path…
- risk 0.50cvss —epss 0.00
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn() in lua/upload/upload.go uses filepath.Join() with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp,…
- risk 0.46cvss —epss 0.00
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests…
- risk 0.49cvss 7.5epss 0.00
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
- risk 0.49cvss 7.5epss 0.01
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
- risk 0.53cvss 8.1epss 0.00
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the…
- risk 0.49cvss 7.5epss 0.00
FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks…
- risk 0.46cvss 8.1epss 0.00
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks,…
- risk 0.51cvss 7.8epss 0.00
A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is…
- risk 0.47cvss 7.3epss 0.01
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead…
- risk 0.57cvss 8.8epss 0.03
luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An…
- risk 0.49cvss 7.6epss 0.00
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to…
- risk 0.47cvss 7.2epss 0.01
OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute…
- risk 0.47cvss 7.2epss 0.01
OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs…
- risk 0.44cvss 7.8epss 0.00
gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in…
- risk 0.50cvss 8.8epss 0.01
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The…
- risk 0.49cvss 7.5epss 0.05
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
- risk 0.53cvss 8.1epss 0.02
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary…
- risk 0.53cvss 8.1epss 0.03
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related…
- risk 0.49cvss 7.5epss 0.00
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service.
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18.
- risk 0.51cvss 7.8epss 0.00
MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
- risk 0.51cvss 7.8epss 0.00
MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
- risk 0.49cvss 7.5epss 0.00
The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.
- risk 0.53cvss 8.1epss 0.00
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
- risk 0.51cvss 7.8epss 0.00
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with…
- risk 0.51cvss 7.8epss 0.00
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the…
- risk 0.49cvss 7.5epss 0.00
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and…
- risk 0.40cvss 7.3epss 0.00
Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed…