Vulnerabilites CVE

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable ...

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The app...

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Dashboard: from 0.0....

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS).This issue affects Google Analytics ...

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, b...

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace d...

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files ...

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during t...

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte r...

Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs[].displayName, inputs[].descriptio...

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `PO...

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file ...

A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memo...

A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argumen...

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessibl...

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the ar...

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data withou...

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulner...

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to ...

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of t...

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. I...

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFi...

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} ...

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/edit...

In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-aut...

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the doma...

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_u...

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP re...

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential wil...

Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer ti...

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedl...

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU t...

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/playlistsVideos.json.php` endpoint returns the full video contents of any playlist by ID without any au...

WWBN AVideo is an open source video platform. In versions up to and including 26.0, three `list.json.php` endpoints in the Scheduler plugin lack any authentication check, while every other endpoint in...

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results i...

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter H...

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This manip...

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:includ...

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter.

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulner...

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the comp...

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) excee...

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters...