Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate…
A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a man…
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS Agen…
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This is…
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations v…
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitra…
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe…
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a man…
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least …
A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege vi…
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in st…
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unk…
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the …
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST …
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a userspace-provided singly-linked …
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this c…
In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not see a…
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the m…
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereferen…
In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise Add validation in xe_vm_madvise_ioctl() to reject PAT ind…