Vulnerabilidades CVE

Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a...

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the ap...

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL s...

Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to discl...

Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se...

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no a...

An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access...

Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can pas...

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string....

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows readi...

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, ...

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values....

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail an...

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Att...

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an sp...

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single ...

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull ...

Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask...

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbound...

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property...

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX express...

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionO...

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data feature allows a template to load YAML files using template-controlled paths. If untru...

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have alread...

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission ...

Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Comin...

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash ...

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio using user-supplied command strings (e.g., ...

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `arv_lb[message]` parameter in all versions up to, and including, 1.2 due to insufficient ...

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with wh...

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the ima...

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartbe...

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown spe...

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip in...

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,...

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary...

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.