Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform…
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS…
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, …
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of se…
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions…
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary com…
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vu…
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause a…
Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1…
A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a m…
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.2…
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can b…
Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, includ…
esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh’s `/http(s)` fetch route. The service tries to…
The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub cl…
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows …
LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's `i18n-update-pull` GitHub Actions workflow is vulnerable to JavaScript in…
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load B…
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contrac…
An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file.