Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to …
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with…
A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Pri…
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipu…
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet…
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Window…
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attr…
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload …
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to exec…
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authe…
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite p…
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes …
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into…
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process b…
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the Glo…
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue i…
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 …
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati…
Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and by…
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, …