Vulnerabilites CVE

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huff...

yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) i...

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4...

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` e...

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` com...

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in adva...

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded an...

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account pr...

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by Secu...

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to...

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection par...

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an u...

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages ...

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/s...

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser developmen...

IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure comm...

Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included re...

Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection ...

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prev...

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenti...

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When p...

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficiently...

Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN an...

WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without...

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trust...

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management in...

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64...

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user cr...

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() ...

Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read...

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compr...

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and the...

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerab...

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to det...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitr...

Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.s...

All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able t...

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escal...

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escal...

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15.

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading...

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit...

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with rem...

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit ...

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not ...

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to route...

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files o...

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `fiber_flash` cookie can force an unbounded allocation on any server. A crafted 10...