Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerabili…
Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlle…
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alterna…
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Us…
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescap…
Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQ…
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without …
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument …
A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index lea…
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attac…
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. …
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-…
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attacker…
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can s…
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send c…
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email param…
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[…
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers ca…