Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan…
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privi…
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:…
Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-M…
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability…
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input…
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint…
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding …
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security…
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_clone() function in all versions up to, and including, 6.3. This is due to insu…
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.