Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` fu…
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 an…
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects S…
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past t…
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mla_update_compat_fields_action() function in all versions…
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-fa…
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as …
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The confi…
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched i…
The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cro…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affect…
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This i…
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.