Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen…
Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1.
The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload …
The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (incl…
The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and the…
K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, …
K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.
The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`
A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped t…
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer in…
Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potent…
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potential…
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a…
Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would d…
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing…
Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject J…
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XP…
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing …