Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache …
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an admin…
Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in li…
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu…
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Exe…
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the …
Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, le…
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ar…
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument …
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec…
A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argu…
A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token c…
A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation results in c…
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not pro…
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during inte…
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.