Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeate…
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication (hostAllowed=true)…
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a…
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multip…
DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Cr…
A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cp…
A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_docume…
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-re…
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Defau…
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS i…
Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techd…
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encod…
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run throug…
ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forw…
A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command …
A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is pos…
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, wh…
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the cli…
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper ser…
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, …