Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim b…
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stac…
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deseriali…
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr de…
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and…
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate …
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes all…
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is…
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buff…
A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.
An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request.
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to impr…
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled val…
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Set…
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in t…
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request …
Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET…