Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An…
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory…
HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS). The application fails to properly validate input sizes, allowing an attacker to pass an exc…
HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to inter…
HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach th…
HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security (HSTS) policy within its responses…
HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow…
HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote…
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unau…
HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during aut…
An information disclosure vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper u…
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private…
AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Att…
AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside s…
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes pred…
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client constructs APT source files (such as /etc/apt/sources.list.d/ubuntu…
stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because …
stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limi…
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts…
Inconsistent interpretation of HTTP requests (HTTP response smuggling) vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on…