Common Vulnerabilities and Exposures

Description HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing

Description Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an

Description An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR

Description An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign

Description Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged

Description NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s)

Description Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache

Description Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire `<

Description A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. References

Description Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) References https://www.gov.il/en/Departments/faq/cve_advisories For

Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YITH YITH WooCommerce Ajax Search

Description A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is

Description A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function

Description An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build

Description Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with

Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add

Description A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template

Description mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not

Description In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to

Description Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access

Description Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets

Description A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects

Description sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses

Description An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to