Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
Memory Corruption when retrieving output buffer with insufficient size validation.
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
Cryptographic issue while copying data to a destination buffer without validating its size.
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
Memory corruption while processing a frame request from user.
Memory corruption while preprocessing IOCTL request in JPEG driver.
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unpro…
A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipu…
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthent…
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subjec…
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hid…
Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to writ…
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Perform…
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched rem…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistan…