Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. P…
A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the co…
A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. T…
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. …
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If…
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal vulnerability exists in the `get_file` method of the `Guest` module's `Get` contro…
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, ca…
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, …
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Loca…
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_exam…
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., Us…
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewi…
PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doc…
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentica…