Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by …
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery (SSRF) vulnerability. The fix for CVE-2026-33992 added IP v…
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side vi…
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tok…
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability i…
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument…
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlag…
A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads…
Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution pri…
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Mod…
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Mo…
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the…
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard…
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} l…
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is exp…
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescripto…
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_settings_nativeUpdate.json.php lacks CSRF token validation and writes uplo…
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Fac…