Vulnerabilites CVE

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medi...

Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML pag...

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting ...

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Lo...

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Lo...

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation...

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The m...

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py ...

yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop cond...

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-We...

A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Ap...

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the arg...

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixe...

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the ...

A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/medi...

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/acti...

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET ...

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Suc...

A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Modul...

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Atta...

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can ...

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed...

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthor...

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 strin...

TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively lo...

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially craf...

An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL  r...

An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control o...

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers ca...

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class i...

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using a...

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] parameter. Attackers can send POST reque...

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_e...

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers c...

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in sta...

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local ...

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_i...

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID resul...

A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of th...

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "ti...

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att...

A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argume...

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the arg...

A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the ...

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File ...

HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t...