Vulnerabilites CVE

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attack...

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15.

Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend ...

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release)...

Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket...

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestamp...

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in...

Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpCli...

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used wi...

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in t...

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricki...

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte wri...

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is pos...

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authenti...

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new ...

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an...

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS p...

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate...

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the in...

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influen...

Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root priv...

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper serv...

In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User inter...

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a single...

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command inj...

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcode...

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authe...

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability i...

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation o...

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may b...

A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argum...

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. Th...

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component ...

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql in...

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predic...

A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username c...

OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is uns...

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and in...

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4...

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known sta...

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results...

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute a...

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to...

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads...