CVE-2025-4575 - OpenSSL x509 Command -addreject Option Mistakenly Adds Trust Instead of Rejection
CVE-2025-4918 - Exploiting Out-of-Bounds Read/Write on JavaScript Promise in Firefox and Thunderbird
CVE-2025-4802 - How Untrusted LD_LIBRARY_PATH in glibc Can Lead to Privilege Escalation in Setuid Binaries
CVE-2024-28956 - Exploiting Intel Microarchitecture to Leak Sensitive Data via Transient Execution
CVE-2025-32756 - Critical Stack-Based Buffer Overflow in Fortinet Appliances - Exploit Details and Practical Analysis
CVE-2025-4432 - How a Flaw in Rust’s ‘ring’ Exposes QUIC to Denial of Service (with Example Code and Exploit Details)
CVE-2022-49928 - Null Pointer Dereference in Linux Kernel’s SUNRPC xps sysfs Allocation
CVE-2025-46560 - vLLM Multimodal Tokenizer Quadratic Complexity Vulnerability — Explanation and Exploit
CVE-2025-30202 - vLLM Exposed — Denial of Service and Data Leakage via ZeroMQ XPUB Socket
CVE-2025-46653 - How a Weak Random Token in Formidable Puts Your Uploads at Risk
CVE-2025-46599 - K3s Kubernetes kubelet Exposes ReadOnlyPort 10255 and Leaks Cluster Secrets
CVE-2025-43864 - React Router SSR Cache Poisoning Vulnerability Explained
CVE-2025-43859 - How a Chunked Parsing Bug in h11 Could Let Attackers Smuggle HTTP Requests
CVE-2025-43965 - How ImageMagick MIFF Depth Mishandling Became a Real Threat (with Example Exploit)
CVE-2025-43967 - libheif NULL Pointer Dereference Exploit Explained with Example
CVE-2022-47111 - 7-Zip 22.01 and the XZ File Parsing Error Explained
CVE-2025-32953 - Token Leakage in z80pack's GitHub Actions Workflow Exposed Critical Repository Secrets
CVE-2025-27936 - How a Timing Attack Leaked MSTeams Plugin Webhook Secrets in Mattermost
CVE-2025-32911 - Exploiting Use-After-Free in libsoup’s soup_message_headers_get_content_disposition()
CVE-2025-32931 - Exploiting Command Injection in DevDojo Voyager (1.4.-1.8.) – A Deep Dive
CVE-2025-32914 - Out-of-Bounds Read in libsoup Allows Malicious HTTP Clients to Crash Servers
CVE-2025-32906 - Breaking Down the libsoup Out-of-Bounds Read Vulnerability
CVE-2025-31344 - Heap-based Buffer Overflow in openEuler giflib's gif2rgb.C (through 5.2.2) Explained
CVE-2025-3445 - Unpacking Danger — "Zip Slip" Path Traversal in mholt/archiver for Go
CVE-2025-2469 - Unauthenticated Access to Runtime Profiling Data in GitLab CE/EE
CVE-2025-32754 - How Insecure SSH Key Generation in jenkins/ssh-agent Docker Images Exposes Your Builds
CVE-2025-32728 - How OpenSSH's DisableForwarding Directive Fails to Block X11 and Agent Forwarding (with Exploit Example)
CVE-2025-32387 - Exploiting Stack Overflow via Malicious Chart Schemas in Helm – Explained
CVE-2025-22871 - How a Bare Line Feed (LF) in net/http Package Can Lead to Request Smuggling
CVE-2025-22014 - Deadlock in Linux Kernel QCOM PDR Subsystem (Full Analysis & Exploit Details)
CVE-2025-22009 - Linux Kernel `regulator: dummy` Race Condition and NULL Pointer Dereference
CVE-2025-30016: Critical Vulnerability in SAP Financial Consolidation Allows Unauthenticated Attackers Unauthorized Access to Admin Account
CVE-2025-20654 - Out-of-Bounds Write in WLAN Service May Lead to Remote Code Execution
CVE-2025-30406 - How Hackers Exploited Gladinet CentreStack’s Hardcoded machineKey for Remote Code Execution
CVE-2025-31115 - Critical Use-After-Free Bug in XZ Utils liblzma Multithreaded Decoder – What You Need to Know
CVE-2025-22002 - Linux Kernel netfs NULL Pointer Dereference Leading to Crash (Analysis and Exploitation)
CVE-2024-36469 - Timing Attack Reveals Valid Usernames via Login Responses
CVE-2025-31137 - How an Express Adapter Bug in React Router & Remix Put Your URLs at Risk
CVE-2025-22231 - Exploiting a Local Privilege Escalation in VMware Aria Operations
CVE-2025-30232 - Exploiting a Use-After-Free in Exim 4.96–4.98.1 for Privilege Escalation
CVE-2024-12905 - Path Traversal & Symlink Abuse in tar-fs Tar Extraction (Explained)
CVE-2022-49753 - Double Client Count Increment in Linux Kernel’s DMA Engine Could Lead to Resource Leaks (and Worse!)
CVE-2025-21877 - Endpoint Validation Vulnerability in GL620A USB Driver – Details, Fix, and Exploit Insight
CVE-2025-2867 - How a GitLab Duo + Amazon Q AI Vulnerability Could Leak Your Project Secrets
CVE-2024-9773 - How a Harbor Integration Flaw in GitLab EE Could Expose Your Cloud
CVE-2025-31160 - Atop ≤2.11. DoS Vulnerability – How Unprivileged Local Users Can Crash the Monitoring Tool
CVE-2025-27831 - Ghostscript DOCXWRITE/TXTWRITE Buffer Overflow Deep Dive
CVE-2025-24513 - Exploiting Directory Traversal in Kubernetes ingress-nginx Admission Controller
CVE-2025-30208 - Critical Arbitrary File Read in Vite Dev Server – Simple Exploit, Simple Fix
CVE-2025-29778 - Kyverno Keyless Signature Bypass Allows Full Kubernetes Compromise
CVE-2025-0927 - How a Heap Overflow in Linux Kernel's HFS+ Implementation Can Lead to System Compromise
CVE-2025-22228 - BCryptPasswordEncoder.matches() Vulnerability – How Passwords Longer Than 72 Characters Can Bypass Security
CVE-2024-56347 - IBM AIX 7.2/7.3 nimsh Service Remote Command Execution via Broken SSL/TLS Controls
CVE-2024-40635 - How a UID Overflow in containerd Let Containers Run as Root
CVE-2025-29786 - Expr Memory Exhaustion Vulnerability in Go – “How Large Expressions Crash Servers” (With Exploitation Details & Solutions)
CVE-2021-32584 - Exploiting FortiWLC Improper Access Control - An In-Depth Guide
CVE-2025-30066 - How Malicious Commits in tj-actions/changed-files Leaked GitHub Secrets
CVE-2025-29774 - How the xml-crypto Library for Node.js May Let Attackers Bypass XML Signature Verification
CVE-2025-1767 - Exploiting Deprecated Kubernetes In-Tree gitRepo Volume for Lateral Movement
CVE-2025-25292 - How ruby-saml’s XML Parser Difference Led to SSO Authentication Bypass
CVE-2025-25291 - Exploiting Authentication Bypass in ruby-saml via Signature Wrapping
CVE-2025-22870 - How IPv6 Zone IDs Can Bypass Proxy Rules in NO_PROXY — Analysis & Exploit Details
CVE-2025-21858 - Deep Dive Into the Linux Kernel geneve_find_dev() Use-After-Free Vulnerability
CVE-2025-27789 - Babel Regex Named Capture Groups Lead to Quadratic Performance Bug – How It Works & How to Fix
CVE-2023-52969 - Deep Dive into the MariaDB "Empty Backtrace" Crash Vulnerability
CVE-2025-25294 - Log Injection Vulnerability in Envoy Gateway Default Access Logging – Details, Exploit, and Fix
CVE-2025-1943 - Memory Safety Bugs in Firefox 135 and Thunderbird 135—What You Need to Know
CVE-2025-22224 - TOCTOU Vulnerability in VMware ESXi and Workstation Lets Attackers Escape VMs
CVE-2025-27220 - Breaking Down the CGI Ruby Gem ReDoS Vulnerability (Before .4.2)
CVE-2025-27219 - How a Cookie Parsing Bug in Ruby’s CGI Gem Threatens Your App – Exploit Details & Guide
CVE-2025-25724 - Buffer Overflow and DoS in libarchive’s list_item_verbose Function
CVE-2025-26466 - Exploiting an OpenSSH Ping Memory Leak for Denial of Service (DoS)
CVE-2025-21776 - Critical Linux Kernel USB Hub Vulnerability Explained
CVE-2025-21764 - Understanding the Recent Linux Kernel Use-After-Free Vulnerability in ndisc_alloc_skb() — Details, Code, and Exploit Analysis
CVE-2025-21756 - Critical Use-After-Free in Linux Kernel vsock — Deep Dive and Workable Exploit Example
CVE-2025-21718 - Exposing and Fixing a Critical Timer Race Condition in Linux Kernel's ROSE Protocol
CVE-2024-57979 - Linux Kernel “pps” Use-After-Free Vulnerability Explained
CVE-2024-53427 - Stack-based Buffer Overflow in jq Through 1.7.1 via decNumberCopy (Exploiting NaN Handling)
CVE-2022-49376 - Linux Kernel Vulnerability—NULL Pointer Dereference in SCSI sd_probe()
CVE-2022-49365 - Off-by-One Array Access Bug in Linux Kernel’s AMDGPU Driver Explained
CVE-2022-49371 - Exploiting and Understanding the Linux Kernel Deadlock in driver core `__device_attach`
CVE-2022-49368 - Out-of-Bounds Read Vulnerability in Linux Kernel’s mtk_eth_soc Driver
CVE-2022-49373 - Linux Kernel ts480_wdt Refcount Leak Explained and Exploited
CVE-2022-49370 - Understanding the Linux Kernel dmi-sysfs Memory Leak (with Exploit Details)
CVE-2022-49305 - Unraveling the Linux Kernel Deadlock in rtl8192u’s ieee80211_beacons_stop()
CVE-2022-49302 - Null Pointer Dereference in Linux Kernel USB Host (isp116x) – Explained Simply
CVE-2022-49301 - Uninitialized Data Use in Linux Kernel’s rtl8712 USB Driver (Explained Simply)
CVE-2022-49296 - Linux Kernel Ceph Deadlock Vulnerability Explained
CVE-2022-49282 - Critical Null Pointer Dereference in Linux F2FS Quota Sync Fixed
CVE-2022-49290 - mac80211 Double Free in Linux Kernel Mesh Join/Leave (Detailed Analysis & Exploit Walkthrough)
CVE-2022-49276 - Linux Kernel jffs2 Memory Leak in `jffs2_scan_medium` — Deep Dive and Exploit Path
CVE-2022-49277 - How a Memory Leak in the Linux Kernel’s jffs2_do_mount_fs Was Fixed
CVE-2022-49273 - Null Pointer Dereference in Linux Kernel’s PL031 RTC Driver (Explained Simply)
CVE-2022-49279 - Integer Overflow in Linux Kernel NFSD Could Lead to Security Issues on 32‑Bit Systems
CVE-2025-26601 - Use-After-Free in X.Org/XWayland Alarm Handling (Exclusive Write-up)
CVE-2025-26598 - How An Out-of-Bounds Write in X.Org and Xwayland Threatens Your Desktop – Explained with Code, Exploit Details, and References
CVE-2025-26594 - Exploiting a Use-After-Free in X.Org and Xwayland Root Cursor Handling
CVE-2025-1293 - How Weak JWT Validation in Hermes (<=.4.) Let Attackers Slip Past AWS ALB Authentication
CVE-2025-0624 - Grub2 Network Boot Out-of-Bounds Write Can Lead to Remote Code Execution
CVE-2025-22919 - Reachable Assertion in FFmpeg’s AAC Decoder Leads to Easy DoS Attack
CVE-2025-25475 - Exploiting NULL Pointer Dereference in DCMTK’s /libsrc/dcrleccd.cc Leads to DoS
CVE-2025-25471 - How a NULL Pointer Dereference in FFmpeg's MOV Demuxer Could Crash Your App
CVE-2025-0622 - Exploiting a Use-After-Free in GRUB2’s Command/GPG Module to Bypass Secure Boot
CVE-2025-21702 - Linux Kernel pfifo_head_drop qdisc Limit Bypass Vulnerability – Privilege Escalation Explained
CVE-2025-1390 - Libcap's PAM Module Incorrectly Recognizes Group Names, Leading to Privilege Escalation
CVE-2021-30369 - Why This “Vulnerability” Wasn’t a Vulnerability After All
CVE-2025-26793 - Default Credentials in Hirsch Enterphone MESH Web GUI Exposes Resident PII
CVE-2025-25204 - How a Simple Exit Code Bug in `gh attestation verify` Could Threaten Your Artifact Security
CVE-2024-57790 - Hardcoded Root Credentials in IXON B.V. IXrouter IX240 v3. Exposes Critical Industrial Systems
CVE-2023-34406 - Integer Overflow in Mercedes Benz NTG 6 User Data Function – How Hackers Could Crash Your Car’s Infotainment
CVE-2023-34402 - Exploiting Arbitrary File Write in Mercedes-Benz NTG6 Head-Unit via Profile Import Function
CVE-2025-21701 - Race Condition in Linux Kernel’s net Subsystem—Exploit Details and Patch
CVE-2025-25343 - Exploiting Buffer Overflow in Tenda AC6 V15.03.05.16’s `formexeCommand` Function
CVE-2025-25746 - D-Link DIR-853 A1 FW1.20B07 Password Buffer Overflow Demystified
CVE-2025-21699 - Inside the Linux Kernel’s gfs2 Flag Flaw (With Code and Exploit Details)
CVE-2025-21697 - How a Missed NULL Pointer in Linux Kernel's V3D DRM Could Cause Trouble
CVE-2025-23359 - Breaking Down the NVIDIA Container Toolkit TOCTOU Vulnerability (PoC, Technical Details & Exploit Insights)
CVE-2025-24976 - Exploiting Token Authentication in Distribution Registry (3..-beta.1 to 3..-rc.2)
CVE-2025-25188 - Hickory DNSSEC Trust Bypass – How a Simple Verification Flaw Exposed DNS Clients to Spoofing
CVE-2025-1150: Memory Leak Vulnerability Found in GNU Binutils 2.43 Causing BFD_Malloc Issues
CVE-2025-21689 - Null Pointer Dereference Fixed in Linux Kernel's USB Serial Driver (quatech2)
CVE-2024-12133 - Denial of Service via Slow Certificate Parsing in libtasn1
CVE-2025-25183 - How Predictable Hash Collisions in vLLM Can Let Attackers Interfere with AI Responses
CVE-2024-36558 - Cleartext Transmission of Sensitive Information in Forever KidsWatch Call Me KW-50
CVE-2025-23419 - Bypassing Client Certificate Authentication in NGINX with Session Tickets and Shared IPs
CVE-2024-2878 - How a Simple Search Term Can Trigger a Denial of Service in GitLab – Deep Dive & Exploitation
CVE-2024-5528 - Subdomain Takeover Vulnerability in GitLab Pages – A Deep Dive
CVE-2025-0665 - libcurl's Double Close on eventfd—How a Subtle Bug Can Haunt Your Server
CVE-2023-52924 - Underlying Dangers in Linux Netfilter's Verdict Map Handling—Issues, Exploit Details, and Technical Insights
CVE-2025-1017 - Memory Safety Bugs in Firefox and Thunderbird Could Lead to Arbitrary Code Execution
CVE-2025-25065 - Exploiting SSRF in Zimbra’s RSS Feed Parser (9.. < Patch 43, 10..x < 10..12, 10.1.x < 10.1.4)
CVE-2024-45569 - Memory Corruption in ML IE Parsing — Full Technical Deep Dive and Exploit Details
CVE-2025-0938 - Python’s urllib.parse Flaw with Square Brackets in Domain Names (Exclusive Post)
CVE-2025-23001 - Host Header Injection in CTFd 3.7.5 — How This Severe Bug Endangers Your CTF Platform
CVE-2024-47857 - PrivX SSH Proxy Flaw Lets Users Impersonate Accounts – Exploit Demo & Analysis
CVE-2025-21679 - Critical Btrfs Vulnerability in Linux Kernel – What Went Wrong, And How It Was Fixed
CVE-2025-21680 - Out-of-Bounds Access in Linux Kernel `pktgen` get_imix_entries – Explained with Code and Exploit Details
CVE-2025-21681 - Lockup in Linux Kernel Open vSwitch When Transmitting to Unregistering Netdev with Carrier
CVE-2025-21682 - Linux Kernel `bnxt` Driver Null Pointer Dereference & Feature Recalculation Flaw—Analysis and Exploit Details
CVE-2025-21672 - Linux Kernel afs Merge Preference Rule Lock Leak Vulnerability Explained
CVE-2025-21665 - How a Linux Kernel Bug Caused Infinite Loops on 32-bit Systems
CVE-2025-21667 - Infinite Loop Vulnerability in Linux Kernel’s iomap Layer Explained
CVE-2023-6195 - How a Markdown Image Could Let Hackers Reach Your Server in GitLab
CVE-2025-24884 - kube-audit-rest Leaks Previous Kubernetes Secret Values via Audit Logs
CVE-2025-24882 - How Attackers Can Trick Docker Images with regclient in Go (With Fixes and Exploit Details)
CVE-2024-57965 - How Axios Before 1.7.8 Handled URLs and Why It Matters
CVE-2024-45341 - Certificate URI with IPv6 Zone ID Bypasses Name Constraints in Private PKIs
CVE-2024-45336 - How HTTP Clients Leak Sensitive Headers via Cross-Domain Redirects
CVE-2022-31749 - Argument Injection in WatchGuard Fireware OS – Exploit Details and How It Works
CVE-2025-24123 - New Apple OS File Parsing Vulnerability Explained (with Exploit Details and Fixes)
CVE-2024-27256 - Weaker Crypto in IBM MQ Container Exposes Sensitive Data
CVE-2024-38320 - Weak Encryption in IBM Storage Protect Could Let Attackers Decrypt Your Sensitive Data
CVE-2019-15690 - How a Heap Buffer Overflow in LibVNCServer’s HandleCursorShape() Can Lead to Remote Code Execution
CVE-2024-57719 - Deep Dive Into the lunasvg v3.. Segmentation Violation in blend_transformed_tiled_argb.isra.
CVE-2025-0604 - How a Keycloak Password Reset Bug Lets Expired or Disabled AD Users Slip Through
CVE-2025-0395 - Buffer Overflow in GNU C Library assert() Puts Linux Systems at Risk
CVE-2024-24421 - Exploiting Magma’s nas_message_decode Type Confusion (<= v1.8.) for Code Execution and DoS
CVE-2024-24445 - How a Null Dereference in OpenAirInterface oai-cn5g-amf Can Kill Your Core
CVE-2025-22150 - The Predictable Boundary Flaw in Undici http/1.1 Client (Exploit Breakdown & Fixes)
CVE-2025-0377 - Exploiting the Zip-Slip Vulnerability in HashiCorp’s go-slug Library
CVE-2025-21660 - How a Linux Kernel ksmbd Path Bug Could Lead to Unexpected Filename Creation
CVE-2024-57940 - Critical Infinite Loop in Linux Kernel exFAT Filesystem (Explained & Exploited)
CVE-2024-57938 - Integer Overflow Bug in Linux Kernel SCTP Autoclose – Explained
CVE-2024-57931 - How a Simple Mistake in SELinux Could Crash Your Linux Kernel
CVE-2025-23086 - Tricking Users with Fake Origins in Brave Browser’s File Selector Dialog
CVE-2025-22620 - gitoxide File Permissions Vulnerability Allows World-Writable Executables
CVE-2024-13176 - Timing Side-Channel in ECDSA Allows Private Key Leakage — Simple Explanation & Exploit Details
CVE-2024-38337 - How an IBM Sterling Secure Proxy Permission Flaw Puts Sensitive Data At Risk
CVE-2024-57929 - Double Free Vulnerability in Linux Kernel’s dm-array (Fixed)
CVE-2024-57922 - Linux Kernel Divide-by-Zero Vulnerability in AMD DRM Display Code Explained
CVE-2024-57917 - Linux Kernel cpumask Printing Race Condition—Root Cause, Exploit, and Patch
CVE-2024-57904 - How a Linux Kernel Cleanup Bug Led to Potential Use-After-Free Flaws in at91 ADC Driver
CVE-2025-21651 - Linux Kernel hns3 Networking Vulnerability Exploited via Early Interrupts
CVE-2025-21648 - How a Linux Kernel Netfilter Vulnerability Could Trigger WARN_ON_ONCE in Conntrack
CVE-2025-21639 - Fixing a Linux Kernel SCTP Sysctl Vulnerability (Explained Simply)
CVE-2025-21640 - Exploiting and Understanding the Linux Kernel SCTP sysctl Null Pointer Dereference Vulnerability
CVE-2025-21638 - Linux Kernel SCTP Sysctl Vulnerability Explained
CVE-2025-21631 - Use-After-Free in Linux Kernel’s BFQ Block Scheduler – Exploit Analysis and Fix
CVE-2020-0436: What happened and why it was rejected by the CVE Numbering Authority?
CVE-2022-20128 - Everything You Need to Know About the Rejected CVE and Why It Matters
CVE-2022-0303 - Why This “Vulnerability” Was Rejected
CVE-2019-3309 - The Story of a Withdrawn Vulnerability
CVE-2025-22968 - Critical Root SSH Backdoor in D-Link DWR-M972V (1.05SSG) – Remote Code Execution Details and Exploit Guide
CVE-2025-21629 - How a Linux Kernel Networking Bug Broke—and Fixed—TCP Offload for Big IPv6 Packets
CVE-2024-57899 - 32-Bit Linux Kernel Wi-Fi Vulnerability in mac80211 Mesh Networks
CVE-2024-57889 - Understanding and Patching the Sleeping in Atomic Context Flaw in Linux Kernel’s MCP23s08 Pin Controller
CVE-2024-57888 - Understanding and Resolving a Linux Kernel Workqueue Warning
CVE-2025-23018 - IPv4-in-IPv6 and IPv6-in-IPv6 Tunneling Vulnerability Allows Traffic Spoofing and Routing Attacks
CVE-2024-53263 - Critical Git LFS Credential Leak via Control Character Injection (Full Analysis & Exploit Details)
CVE-2024-50349 - How Hidden Terminal Codes in Git URLs Can Steal Your Credentials
CVE-2025-0066 - Cracking SAP NetWeaver – A Simple Look at a High-Impact ABAP Info Leak
CVE-2025-22134 - Heap Buffer Overflow Vulnerability in Vim’s Visual Mode with :all Command
CVE-2024-57850 - Exploiting rtime Decompression Memory Corruption in Linux JFFS2
CVE-2024-57791 - Critical Linux Kernel Vulnerability in SMC – Explanation, Exploit Flow, and Patches
CVE-2024-56788 - Race Condition in Linux kernel oa_tc6 Ethernet Driver (Details & Exploit Insights)
CVE-2024-53690 - Exploiting and Fixing a Deleted Inode Use in Linux Kernel nilfs2
CVE-2024-53680 - Linux Kernel IPVS Initialization Buffer Bug Could Cause Kernel Panics
CVE-2024-53685 - Breaking Down a Ceph Kernel DoS – Endless Loop Vulnerability Explained
CVE-2024-49571 - Critical Linux Kernel Vulnerability in net/smc and How It Was Fixed
CVE-2024-41935 - Critical Linux Kernel Hang Due to f2fs Extent Tree Shrink – Vulnerability, Patch, and Exploit Explained
CVE-2025-21598 - Out-of-Bounds Read in Juniper Networks (Junos OS, Junos OS Evolved) RPD via Malformed BGP Packets
CVE-2025-22445 - How Mattermost's Broken UI Can Leave Admins Confused—and Calls Less Secure
CVE-2024-56786 - Use-After-Free Vulnerability in Linux Kernel’s BPF Link Handling
CVE-2024-56783 - What You Should Know About the Linux Kernel nft_socket cgroup Vulnerability
CVE-2024-56782 - How a Simple NULL Pointer Bug Was Fixed in Linux Kernel’s ACPI x86 Code
CVE-2024-56781 - Patch Closes Linux Kernel Powermac prom_init #size-cells Vulnerability
CVE-2024-56787 - Linux Kernel imx8m SoC Driver Vulnerability Explained
CVE-2024-56773 - Critical Null Pointer Dereference in Linux Kernel kunit_device_driver_test() — Details, Code, and Exploit Insights
CVE-2024-56777 - How a Kernel Bug in DRM Could Crash Linux – Analysis, Code, and Exploit Details
CVE-2024-56780 - Race Condition in Linux Kernel Quota Subsystem—Exploit & Fix Explained
CVE-2024-55459 - How a keras 3.7. Vulnerability Lets Attackers Write Files On Your Machine
CVE-2025-0238 - Use-after-Free in Firefox and Thunderbird (Exploit Detailed)
CVE-2025-0239 - Alt-Svc ALPN Certificate Validation Flaw in Firefox and Thunderbird
CVE-2024-51741 - Redis ACL Selector Vulnerability Enables DoS via Server Panic
CVE-2024-55627 - Critical Suricata Buffer Overflow Exploit Explained (With Code, References, and PoC)
CVE-2025-21613 - Argument Injection Exploit in go-git – What You Need to Know
CVE-2024-56761 - Linux Kernel x86/fred Indirect Branch Tracking (IBT) WFE State Handling Vulnerability
CVE-2024-56758 - Race Condition in Btrfs Leads to NULL Pointer Dereference in Linux Kernel
CVE-2023-6604 - FFmpeg’s XBIN Bug Explained – How Abused Parsing Can Crash Your Server
CVE-2024-21464 - Memory Corruption Vulnerability in IPA Statistics Processing When No Active Clients Registered
CVE-2024-20150 - Remote Denial of Service via Logic Error in Modem (Patch ID: MOLY01412526, Issue ID: MSV-2018)
CVE-2024-56734 - Open Redirect Vulnerability in Better Auth Email Verification (`<= v1.1.5`)
CVE-2024-56748 - Linux Kernel SCSI qedf Memory Leak Fixed - Explained
CVE-2024-56749 - Linux Kernel DLM Recovery Reference Count Vulnerability - Explained and Exploited
CVE-2024-56754 - How a Linux Kernel Crypto Bug Could Have Caused Resource Leaks
CVE-2024-56750 - Blksize < PAGE_SIZE Bug in Linux EROFS Filesystem – Details, Fix, and Exploit Walkthrough
CVE-2024-56726 - Vulnerability in Linux Kernel octeontx2-pf (cn10k.c) - Exploit Details & Fix Explained
CVE-2024-56705 - Linux Kernel atomisp Memory Allocation Vulnerability Explained
CVE-2024-56700 - Atomicity Violation and Null Pointer Dereference in Linux Kernel wl128x Driver
CVE-2024-56699 - Double Removal Vulnerability in Linux s390 PCI Hotplug (Explained & Exploit Details)
CVE-2024-56701 - Linux Kernel PowerPC/pSeries Privilege Escalation via Sleeping Lock Misuse
CVE-2024-56691 - Intel SoC PMIC BXTWC Linux Kernel Vulnerability Explained
CVE-2024-56681 - How a Missed Error Check Vulnerability Was Fixed in Linux Kernel’s Broadcom Crypto Driver
CVE-2024-56732 - Heap Overflow in HarfBuzz (hb_cairo_glyphs_from_buffer) Puts Modern Linux Apps at Risk
CVE-2024-56658 - Exploiting a Slab-Use-After-Free Bug in Linux Kernel netns (Resolved)
CVE-2024-56606 - Use-After-Free in Linux Kernel's AF_PACKET Implementation
CVE-2024-56586 - F2FS Filesystem Kernel BUG Trigger via Checkpointing -- Analysis & Exploit Details
CVE-2024-56585 - Linux Kernel LoongArch Sleeping in Atomic Context in PREEMPT_RT - Analysis & Remediation
CVE-2024-56576 - Linux Kernel Crash in Media I2C tc358743 Probe Error Path (Explained & Exploited)
CVE-2024-56562 - Linux Kernel i3c Master Use-After-Free in Address Handling (Explained with Exploit Details)
CVE-2024-56570 - OverlayFS Vulnerability in Linux Kernel—What It Is, How It Works, and How to Stay Safe
CVE-2024-56548 - Linux Kernel hfsplus Blocksize Vulnerability Deep Dive
CVE-2024-56532 - Linux Kernel ALSA us122l Use-After-Disconnect Vulnerability
CVE-2024-56531 - Linux Kernel ALSA USB Disconnect Vulnerability Explained
CVE-2024-53219 - virtiofs Kernel Direct I/O Large Buffer Vulnerability — Analysis, Exploit, and Patch Walkthrough
CVE-2024-53214 - Out-of-Bounds Access in Linux Kernel's VFIO PCIe Extended Capabilities Handling
CVE-2024-53196 - Critical KVM MMIO Instruction Handling Bug in Linux Kernel (arm64)
CVE-2024-53193 - Memory Corruption Bug in Linux Kernel Loongson2 Clock Driver (clk-loongson2) Explained
CVE-2024-53181 - Linux Kernel Vector Device Release Vulnerability Explained (With Exploit Details)
CVE-2024-53169 - How a Race Condition in Linux NVMe Fabrics Could Crash Your Kernel
CVE-2024-53172 - Linux Kernel UBI Fastmap Slab Cache Name Collision Vulnerability Explained
CVE-2022-21505 - Defeating Linux Kernel Lockdown with IMA Appraise Log and Kexec (Explained)
CVE-2024-53160 - Data Race in Linux Kernel RCU/kfree Handling – Root Cause, Fix, and Exploit Details
CVE-2024-53159 - Understanding a Rejected Vulnerability
CVE-2024-53153 - How a Simple PCIe Endpoint Timing Bug Could Crash Your Qualcomm-based Linux Kernel (And How It Got Fixed)
CVE-2024-56378 - Out-of-Bounds Read in Poppler’s JBIG2 Bitmap Combine Function (Simple Guide with Exploit Example)
CVE-2022-32204 - Exploiting Improper Input Verification in Huawei Printers (HWPSIRT-2022-87185)
CVE-2022-32144 - Huawei Insufficient Input Verification Vulnerability Explained (HWPSIRT-2022-76192)
CVE-2022-33954 - How Weak Credential Storage in IBM Robotic Process Automation Could Let Attackers Steal Secrets
CVE-2022-44517 - Out-of-Bounds Read in Adobe Acrobat Reader DC – Understanding the Threat, Exploit Details, and Mitigation
CVE-2024-45338 - Exploiting Non-Linear Parsing for Denial of Service – Complete Analysis & PoC
CVE-2024-54662 - Breaking Down the Dante SOCKS Proxy Security Flaw (And How to Stay Safe)
CVE-2024-8650 - GitLab Merge Request Vulnerability: Unresolved Threads of Internal Notes in Public Projects Exposed to Non-Member Users
CVE-2024-7701 - Exploiting Weak Password Hashing in Percona Toolkit for Easy Brute-Forcing
CVE-2024-9367 - GitLab Changelog Template Parsing DoS Vulnerability Explained
CVE-2024-54529 - A Deep Dive Into the macOS Kernel Logic Bug Allowing Arbitrary Code Execution
CVE-2024-11053 - How Curl’s Netrc Credentials Can Leak on HTTP Redirects
CVE-2024-49531 - Exploiting the Acrobat Reader NULL Pointer Dereference DoS Vulnerability
CVE-2024-12286 - Exploiting Default SSH Credentials on MOBATIME DTS 4801 Network Master Clock
CVE-2024-55565 - How a Non-Integer Bug in nanoid Could Break Your IDs (Exploit, Fix, and Analysis)
CVE-2024-54137 - How a Critical Indexing Bug in liboqs’ HQC KEM Could Break Shared Secrets
CVE-2024-53142 - Linux Kernel initramfs Filename Buffer Overrun Vulnerability - Explained
CVE-2024-6156 - How LXD’s PKI Mode Could Be Bypassed—A Deep Dive into the Bug, Exploitation, and Fixes
CVE-2024-11155 - Exploiting a "Use After Free" Vulnerability in Rockwell Arena® for Code Execution
CVE-2024-53846 - OTP SSL Extended Key Usage Verification Bypass – Exploit Analysis, Sample Code, and Mitigations
CVE-2024-54126 - Breaking Down the TP-Link Archer C50 Firmware Signature Verification Flaw
CVE-2018-9439 - Use-After-Free in Linux AF_PACKET (`af_packet.c`) — Exploit Explained
CVE-2018-9402 - Buffer Overwrite in gl_proc.c Leading to Kernel Privilege Escalation
CVE-2024-54002 - Exploiting a Timing Attack in Dependency-Track’s Login Endpoint
CVE-2024-54134 - Solana’s @solana/web3.js NPM Package Compromise and What Developers Must Know
CVE-2024-53139 - Linux Kernel SCTP Use-After-Free Flaw (sctp_v6_available) Explained
CVE-2024-53135 - Intel PT Virtualization in Linux KVM—What Went Wrong?
CVE-2024-53138 - How Linux Kernel’s kTLS Page Refcounting Bug Hits Large Folios (and How It Was Fixed)
CVE-2024-53137 - Breaking Down the Linux Kernel ARM Cacheflush PAN Vulnerability (with Exploit Details)
CVE-2024-53131 - Linux Kernel nilfs2 `block_touch_buffer` Null Pointer Dereference Vulnerability
CVE-2024-53133 - Linux Kernel DRM/AMD/Display Driver -- Crash and Double-Free Vulnerability Explained
CVE-2024-53127 - How a Flawed Linux Patch Broke SD Card Boot on Arm Devices (and Why Reverting Was the Only Option)
CVE-2024-53130 - Null Pointer Dereference in Linux nilfs2 block_dirty_buffer Tracepoint
CVE-2024-25020 - Remote Code Execution in IBM Cognos Controller via Malicious File Upload
CVE-2024-53900 - Mongoose $where Injection Vulnerability Explained
CVE-2024-53981 - Excessive Logging Vulnerability in python-multipart Leads to Denial of Service
CVE-2024-53116 - Panthor DRM Linux Kernel Vulnerability – Partial GPU Buffer Object Mapping Mishap
CVE-2024-53104 - Out of Bounds Write in Linux Kernel UVC Video Driver (`uvcvideo`) Explained
CVE-2024-35366 - Integer Overflow in FFmpeg n6.1.1’s libavformat (sbgdec.c) – Deep Dive and Exploit Overview
CVE-2024-53980 - Endless Loop Vulnerability in RIOT OS IEEE 802.15.4 Packet Reception on CC2538
CVE-2024-53848 - Cache Confusion Vulnerability in check-jsonschema (Explained with Exploits and Fixes)
CVE-2024-53865 - Sensitive Passwords Logged in Clear Text in zhmcclient Python Package
CVE-2024-35369 - Integer Overflow in FFmpeg Speex Decoder (avcodec/speexdec.c) Explained
CVE-2024-36619 - Integer Overflow in FFmpeg's WAVARC Decoder (n6.1.1) Leads to DoS
CVE-2024-53858 - GitHub CLI Token Leak When Cloning Submodules – What You Need to Know
CVE-2024-42332 - How Forged SNMP Traps Poison Zabbix UI With Fake Data
CVE-2024-42328 - Exploiting NULL Pointer Dereference in WebDriver Browser Data Download
CVE-2024-36468 - Zabbix Server/Proxy Stack Buffer Overflow Exploit – Breaking Down The Vulnerability
CVE-2024-53849 - Vulnerability in editorconfig-core-c Leads to Buffer Overflow with Malicious Patterns
CVE-2024-11668 - How GitLab’s Long-Lived Connections Bypassed Authentication and What It Means for You
CVE-2024-11704 - Double-Free Vulnerability in sec_pkcs7_decoder_start_decrypt() – Details, Exploitation, and Safeguards
CVE-2024-33605 - Path Traversal in installed_emanual_list.html — Exploit Details and Analysis
CVE-2024-53096 - Fixing Faulty Error Handling in Linux Kernel `mmap_region()`
CVE-2024-53899 - How a Simple Quoting Mistake in Virtualenv Led to Command Injection
CVE-2024-52804 - Tornado Cookie Parsing Vulnerability Explained with Exploit Example
CVE-2024-41781 - Breaking Down the IBM PowerVM Platform KeyStore Vulnerability
CVE-2024-52755 - Exploiting a Buffer Overflow in D-LINK DI-8003 (v16.07.26A1) via the host_ip Parameter
CVE-2024-53075 - Linux Kernel RISCV CPU Node Reference Count Fix Explained
CVE-2024-53076 - Linux Kernel Memory Leak in iio_gts_build_avail_scale_table()—Explained Simply
CVE-2024-53065 - Duplicate kmem_cache Creation Warning in Linux kernel's mm/slab – Root Cause, Impact, and Exploitability
CVE-2024-53057 - Use-After-Free in Linux Kernel Traffic Control Queues (TC) — In-Depth Analysis
CVE-2024-53056 - How a Tiny Bug in Linux’s MediaTek DRM Driver Could Cause Kernel Panics
CVE-2024-11003 - How Local Attackers Could Exploit needrestart Before v3.8 for Arbitrary Command Execution
CVE-2024-50299 - Fixing the SCTP Chunk Size Validation Bug in the Linux Kernel
CVE-2023-0657 - How a Signature Check Flaw in Keycloak Let Attackers Swap Tokens and Gamble with Your Data
CVE-2024-49536 - Out-Of-Bounds Read Vulnerability in Adobe Audition — How Attackers Can Leak Your Memory
CVE-2024-3447 - Heap-Based Buffer Overflow in QEMU SDHCI Device Emulation Explained
CVE-2023-4134 - Use-After-Free in Linux cyttsp4_core Driver – Understanding the Exploit and Impact
CVE-2024-52533 - Off-by-One Buffer Overflow in GNOME GLib `gsocks4aproxy.c` – Exploit Details & Analysis
CVE-2024-50133 - Linux Kernel LoongArch Crash – stack_top() NULL vdso Pointer Dereference
CVE-2024-50135 - Race Condition in Linux Kernel’s NVMe PCI Driver – Exploit Details and Patch Explained
CVE-2024-50136 - Linux Kernel net/mlx5 Notifier Leak—Explained and Exploited
CVE-2023-52920 - Linux Kernel BPF Verifier Stack Precision Tracking Flaw Explained
CVE-2024-9632 - X.org Server Buffer Overflow Could Become Root Privilege Nightmare
CVE-2024-50087 - Linux Kernel Btrfs Uninitialized Pointer Free Vulnerability Explained
CVE-2024-50082 - A Deep Dive into the Linux Kernel rq_qos_wait/rq_qos_wake_function Race Condition
CVE-2024-50080 - Critical Linux Kernel UBLK Vulnerability Explained (with Code and Exploitation Details)
CVE-2024-50081 - Fixed Linux Kernel Oops via Uninitialized blk-mq tag_set – Details, Code, and Exploit Explained
CVE-2024-50068 - Memory Leak in Linux Kernel DAMON sysfs KUnit Test
CVE-2024-50070 - How a Missed NULL Check in Linux pinctrl-stm32 Led to a Security Vulnerability
CVE-2024-50069 - How a Simple Return Value in the Linux Kernel Could Lead to Big Problems
CVE-2024-49761 - ReDoS Vulnerability in REXML Gem <3.3.9 – How a Simple XML Can Break Your Ruby App
CVE-2024-45802 - How a Squid Proxy Bug Exposed Users to Denial of Service Attacks
CVE-2024-8013 - Inside the MongoDB Encrypted Fields Disclosure Bug
CVE-2024-9287 - Command Injection in Python venv Activation Scripts – Explained
CVE-2023-52918 - Linux Kernel cx23885 Driver Vulnerability and its Fix Explained
CVE-2023-52919 - Linux Kernel NFC Vulnerability – NULL Pointer Dereference in send_acknowledge() Explored
CVE-2024-50064 - Memory Leak Vulnerability in Linux Kernel zram (Multi-Stream Algorithm Names)
CVE-2024-49859 - Linux Kernel f2fs "atomic_file" IOCTL Race Condition Explained
CVE-2024-47753 - Critical Linux Kernel Crash in Mediatek VP8 Codec (Exploit and Deep Dive)
CVE-2024-47754 - How a Mediatek Video Codec Bug Could Crash Your Linux Kernel & What’s Been Fixed
CVE-2024-47744 - Linux Kernel KVM Deadlock Fixed – Details, Analysis, and Exploitability
CVE-2024-47685 - Exploiting and Fixing Uninitialized TCP Header Bits in Linux netfilter (nf_reject_ipv6)
CVE-2024-9143 - Understanding the Risks in OpenSSL's GF(2^m) Curve APIs
CVE-2023-32191 - How RKE’s `full-cluster-state` ConfigMap Opens the Door to Kubernetes Admin Privileges
CVE-2024-9680: Use-After-Free Vulnerability in Animation Timelines Exploited in the Wild, Affecting Firefox and Thunderbird Versions
CVE-2024-45230 - Django Template Filter Denial of Service Explained (with Code Exploit Example)
CVE-2024-43047 - Memory Corruption in HLOS Memory Mapping – Deep Dive & Exploit Example
CVE-2024-45519 - How Unauthenticated Users Can Exploit Zimbra’s postjournal Service
CVE-2024-9393 - Exploiting PDF.js in Firefox and Thunderbird for Cross-Origin Attacks
CVE-2024-46258 - Inside the Heap Buffer Overflow in cute_png v1.05 (cp_load_png_mem)
CVE-2024-46867 - Deadlock and Sleeping in Atomic Bug in Linux Kernel DRM XE - An Exploit Walkthrough
CVE-2024-46847 - Linux Kernel vmap_block Uninitialized Field Race Leads to Potential OOB Access
CVE-2024-45614 - How Underscore Headers Could Undermine Your Puma Web App Security
CVE-2024-46797 - PowerPC Linux Kernel QSpinlock MCS Queue Deadlock – Deep Dive, Cause, and Fix
CVE-2024-46795 - Null Pointer Dereference in Linux Kernel KSMBD Session Setup—Analysis, Exploit, and Patch
CVE-2024-29779 - Unusual Root Cause Allows Local Privilege Escalation (Detailed Analysis & Exploit)
CVE-2024-46693 - Race Condition in Qualcomm PMIC Glink Linux Kernel Driver (Exploit and Patch Deep Dive)
CVE-2024-46698 - Linux Kernel Video/Aperture sysfb_disable() Resource Use After Free Vulnerability Explained
CVE-2024-46682 - Linux Kernel NFSv4. State Dereference Fault (Exploit & Fix Explained)
CVE-2024-8504 - From Agent to Root—How Attackers Exploit VICIdial for Root Shell Access
CVE-2024-45296 - How A Regex Bug in path-to-regexp Can Freeze Your JavaScript App
CVE-2023-30584 - Path Traversal Bypass in Node.js 20 Experimental Permission Model
CVE-2024-45002 - Linux Kernel rtla/osnoise NULL Pointer Dereference Vulnerability Explained
CVE-2024-45000 - Data Race Fix in Linux Kernel’s fscache_cookie – How a Missed Counter Check Led to Kernel NULL Pointer Dereference
CVE-2024-44992 - How a NULL Pointer Dereference Was Fixed in the Linux Kernel SMB Client – An Explainer
CVE-2024-44995 - How a Linux Kernel Deadlock in hns3's Traffic Control Configuration Was Squashed
CVE-2024-44971 - Memory Leak in Linux Kernel's Broadcom SF2 DSA MDIO Register Function (Patch Analysis and Exploitation)
CVE-2024-44957 - Fixing a Deadlock in the Linux Kernel’s Xen privcmd irqfd Handling
CVE-2024-45490 - Exploiting Negative-Length Parsing in libexpat XML Parser (xmlparse.c before 2.6.3)
CVE-2024-8210 - Critical Vulnerability in D-Link NAS Devices Leads to Command Injection
CVE-2024-43904 - Null Pointer Dereference Fixed in Linux Kernel’s AMD Display Driver (drm/amd)
CVE-2024-43903 - Critical Null Pointer Dereference in Linux Kernel AMD GPU Driver
CVE-2024-43901 - NULL Pointer Dereference in AMDGPU DRM Debug Logging (Linux Kernel)
CVE-2024-43902 - NULL Pointer Dereference in Linux Kernel’s AMD Display Driver (drm/amd/display)
CVE-2024-42263 - Memory Leak in Linux Kernel’s drm/v3d Timestamp Extension Fixed
CVE-2024-43374 - Use-After-Free Vulnerability in Vim's Argument List Handling
CVE-2024-42472 - Dangerous Flatpak Escape – How a Sandbox Hole Could Expose Your Files
CVE-2024-7006 - Exploiting a Libtiff Null Pointer Dereference (tif_dirinfo.c) for Denial of Service
CVE-2024-0108 - Breaking Down the NVIDIA Jetson Linux NvGPU MMU Vulnerability
CVE-2024-7610 - GitLab CE/EE Denial of Service (DoS) Vulnerability via Elasticsearch Result Parsing
CVE-2024-3958 - How a GitLab Discrepancy Can Let Attackers Trick You into Cloning Malicious Code
CVE-2024-3114 - Exploiting GitLab CE/EE REDoS with Invalid Commits (Exclusive Deep Dive)
CVE-2024-42248 - Linux Kernel Serial Port Vulnerability Exposed and Fixed
CVE-2024-42247 - Preventing Unaligned Memory Access in WireGuard's AllowedIPs Module on Linux
CVE-2024-42250 - Vulnerability in Linux kernel cachefiles poll routine – What Happened, Why It Matters, and How It Was Fixed
CVE-2024-42245 - O(n) Iteration Vulnerability in Linux Kernel’s sched/fair Leading to Hard Lockups
CVE-2024-42244 - USB Serial mos784 Linux Kernel Crash on Resume (Exclusive Explanation, Exploit, and Patch)
CVE-2024-23444 - ElasticSearch Certutil Exposes Unencrypted Private Keys During CSR Generation
CVE-2024-42229 - Linux Kernel Crypto Modules Left Sensitive Keys in Memory (Exploit Details Inside)
CVE-2024-42223 - Integer Overflow in Linux Kernel DVB-Frontend tda10048 – Deep Dive, Exploit, and Patch
CVE-2024-42227 - A Deep Dive into the Linux Kernel Overlapping Copy Vulnerability in AMD Display Driver
CVE-2024-42139 - Linux Kernel ICE extts Event Handling Bug – Explained with Exploit Details
CVE-2024-42080 - A Deep Dive into a Resolved Linux Kernel Vulnerability in RDMA Resource Tracking
CVE-2024-42083 - Linux Kernel Panic via Ionic Driver Multi-Buffer Handling Bug
CVE-2024-42070 - How a Subtle netfilter/nf_tables Bug Could Leak Kernel Pointers
CVE-2024-42073 - Linux Kernel mlxsw Spectrum-4 Memory Corruption Exploit (Explained Simply)
CVE-2023-52887 - Enhanced Error Handling in Linux Kernel’s CAN J1939 XTP - What It Means and How to Exploit
CVE-2024-41080 - Solving a Deadlock in Linux Kernel's io_uring (io_register_iowq_max_workers Vulnerability Exploited)
CVE-2024-41091 - TUN Driver Short Frame Vulnerability in Linux Kernel Explained
CVE-2024-41090 - Linux Kernel TAP Device Short Frame Vulnerability Explained
CVE-2024-1737 - How Packed Resource Records Can Slow Down BIND 9 – Deep Dive & Exploit Example
CVE-2024-41012 - Unveiling the POSIX File Lock Use-After-Free Flaw in the Linux Kernel
CVE-2024-41010 - Use-After-Free in Linux Kernel BPF TCX Entries – Anatomy, Exploit Path, and Patch Explained
CVE-2022-48842 - Linux Kernel ice Driver Race Condition – Deep Dive and Exploitation
CVE-2022-48828 - Understanding the Linux Kernel NFSD ia_size Underflow Vulnerability
CVE-2022-48817 - Fixing a Panic in Linux Kernel DSA AR9331 Driver by Proper MDIO Bus Management
CVE-2024-41008 - Reference Count Vulnerability in AMDGPU’s vm->task_info Handling in the Linux Kernel
CVE-2024-40960 - NULL Pointer Dereference in Linux Kernel IPv6 (rt6_probe) – Explained In Simple Terms
CVE-2024-39508 - Data Race in Linux Kernel io_uring/io-wq Fixed with Atomic Bit Operations
CVE-2024-39330 - Django Storage Directory Traversal Explained (With Example & Exploit)
CVE-2024-31331 - Unmasking the Hidden Service Vulnerability in Android’s PackageManagerService
CVE-2024-38517 - Elevation of Privilege in Tencent RapidJSON via Integer Underflow (with Exploit Details)
CVE-2024-39484 - How a Linux Kernel Driver Cleanup Flaw Led to Resource Leaks (And What Was Done About It)
CVE-2024-39478 - How a Linux Kernel Bug in starfive’s Crypto Could Crash Systems
CVE-2024-39474 - How a Linux Kernel Bug Could Lead to NULL Dereference Kernel Panics (and How It Was Fixed)
CVE-2024-39475 - How a Divide-by-Zero Bug in Linux Kernel's savagefb Driver Was Fixed
CVE-2024-39929 - How Exim Misparses Multiline RFC 2231 Headers and Lets Malicious Attachments Slip Through
CVE-2024-33871 - How Hackers Can Exploit Ghostscript’s OPVP Driver to Run Code — A Deep Dive
CVE-2024-6375 - Missing Authorization on Shard Key Refinement Exposes MongoDB to Security & Performance Risks
CVE-2024-6323 - GitLab Global Search Improper Authorization Leaks Private Repo Content in Public Projects
CVE-2024-29953 - Web Interface Flaw Exposes Session Encoded Passwords in Brocade Fabric OS
CVE-2024-29954 - Brocade Fabric OS Password Leak via Firmware Download Log Exposure
CVE-2024-37085 - How a Deleted and Re-Created AD Group Can Let Attackers Bypass Authentication in VMware ESXi
CVE-2024-34027 - Deep Dive Into The f2fs Compression Race Condition Bug in Linux Kernel
CVE-2024-6239 - Poppler Pdfinfo -dests Parameter Crash Leads to Denial of Service
CVE-2024-36978 - Out-of-Bounds Write in Linux Kernel `sch_multiq` Scheduler Explained
CVE-2024-37081 - Exploiting vCenter Server Sudo Misconfigurations for Local Privilege Escalation
CVE-2024-37891 - Proxy-Authorization Header Leakage in urllib3 on Cross-Origin Redirects – Exploit Analysis and Mitigation
CVE-2024-38439 - Netatalk Off-By-One Heap Buffer Overflow Exploit Breakdown
CVE-2024-5702 - Memory Corruption Vulnerability in Firefox, Thunderbird — How a Networking Stack Bug Exposed Millions
CVE-2024-24194 - Understanding the robdns NULL Pointer Dereference (commit d76d2e6) Vulnerability
CVE-2022-1242 - How Apport Can Be Tricked Into Connecting to Arbitrary Sockets as Root
CVE-2024-36926 - Linux PowerPC LPAR Boot Panic – Kernel NULL Pointer Vulnerability Explained
CVE-2024-36905 - Critical Linux Kernel TCP Divide-by-Zero Vulnerability Explained
CVE-2024-36904 - Linux Kernel Use-After-Free in tcp_twsk_unique() – Analysis, Exploitation & Patching
CVE-2024-36901 - NULL Pointer Dereference in Linux Kernel ipv6/ip6_output.c (Explained with Code, Exploit Paths & Fix)
CVE-2024-36897 - Null Pointer Dereference in AMD Display Drivers on Linux — Analysis and Exploit Details
CVE-2024-36016 - Out-of-Bounds Write in Linux Kernel's n_gsm TTY Layer—Root Cause and Exploit Details
CVE-2021-47549 - Exploiting and Understanding the sata_fsl Use-After-Free (UAF) in Linux Kernel’s rmmod
CVE-2024-5247 - NETGEAR ProSAFE NMS UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability Explained
CVE-2024-35570 - File Upload Vulnerability in inxedu v2..6's ImageUploadController Leads to Arbitrary Code Execution
CVE-2024-5143 - SMTP Credential Exposure by Redirecting Outbound Emails on Network Devices
CVE-2024-31840 - Cleartext Password Exposure in Italtel Embrace 1.6.4 Web Application – Details & Exploit Example
CVE-2024-35580 - Tenda AX1806 Stack Overflow via adv.iptv.stbpvid in formSetIptv – Exploit Guide and Analysis
CVE-2024-35579 - Stack Overflow Vulnerability in Tenda AX1806 (v1...1) via `iptv.city.vlan` Parameter
CVE-2024-36004 - i40e Workqueue Memory Reclaim Flag Issue in Linux Kernel
CVE-2024-35982 - Infinite Log Spam and Hang in Linux Kernel's batman-adv Due to MTU/TT Resizing Failure
CVE-2024-35944 - Dangerous memcpy in Linux Kernel’s VMCI Subsystem Explained
CVE-2024-25742 - Breaking Down the Linux AMD SEV-SNP/ES Virtual Interrupt Injection Vulnerability (Pre-6.9 Kernel)
CVE-2024-35855 - Use-After-Free Vulnerability in Linux Kernel mlxsw Spectrum ACL TCAM
CVE-2024-35844 - Linux Kernel f2fs Compression Block Reservation Flaw Explained
CVE-2024-4603 - OpenSSL’s DSA Parameter/Key Checks May Lead to DoS via Slow Processing
CVE-2024-34905 - Buffer Overflow Vulnerability in FlyFish v3.. Login – Deep Dive & Exploitation
CVE-2024-31142 - Unpacking the Xen Branch Type Confusion Vulnerability
CVE-2024-4068 - How the NPM Package `braces` Turned Into a Memory Bomb
CVE-2024-3727 - Deep Dive into GitHub containers/image Path Traversal, Registry Abuse & Exploit Details
CVE-2024-34459 - How an xmllint --htmlout Buffer Over-Read Became a Serious Libxml2 Vulnerability
CVE-2024-32620 - Understanding the Heap-Based Buffer Over-Read in HDF5 up to v1.14.3
CVE-2024-32616 - Understanding and Exploiting the HDF5 Heap Buffer Over-Read (Through 1.14.3)
CVE-2024-32613 - Heap Buffer Over-Read in HDF5 Library (Through 1.14.3) – Explanation, Exploitation, and Fixes
CVE-2024-29164 - Stack Buffer Overflow in HDF5’s H5R__decode_heap – Technical Analysis and Exploit Insights
CVE-2024-27401 - Linux Kernel FireWire `nosy` Buffer Overflow Vulnerability Explained
CVE-2024-27394 - Use-After-Free Vulnerability in the Linux Kernel’s TCP AO Connection Initialization
CVE-2024-27282 - Ruby Regex Compiler Heap Leak Explained with Code, Exploit, and Fixes
CVE-2023-52656 - Deadly Legacy—How Linux io_uring’s SCM_RIGHTS Vulnerability Was Disarmed
CVE-2022-43656 - Bentley View FBX File Parsing Out-Of-Bounds Read Vulnerability Explained
CVE-2024-34397 - D-Bus Signal Spoofing in GNOME GLib – How Your Linux Apps Might Listen to the Wrong Voice
CVE-2024-33601 - How a Netgroup Cache Bug in nscd Can Crash Your Linux System
CVE-2024-34069 - How Werkzeug’s Debugger Flaw Could Let Attackers Run Code on Your Localhost
CVE-2023-44443 - GIMP PSP File Parsing Integer Overflow Remote Code Execution Explained
CVE-2023-44429 - GStreamer AV1 Codec Heap Overflow—A Remote Code Execution Nightmare
CVE-2023-49606 - Use-After-Free Vulnerability in Tinyproxy HTTP Connection Header Parsing (Exploit Analysis and Walkthrough)
CVE-2024-27075 - Stack Overflow Warning Fixed in Linux Kernel's DVB Frontends ‒ Explained
CVE-2024-27389 - How a Linux Kernel pstore Filesystem Bug Was Tracked and Fixed
CVE-2024-27390 - How a Linux Kernel Bug Slowed Your Network – and the Fix Explained
CVE-2024-27076 - Deep Dive into the Linux Kernel imx csc/scaler v4l2_ctrl_handler Memory Leak Vulnerability
CVE-2024-27072 - Understanding and Exploiting a Deadlock in Linux Kernel's usbtv Module
CVE-2024-27073 - Unraveling the Linux Kernel memleak in ttpci Budget AV Attach
CVE-2024-27067 - Understanding and Exploiting the Linux Kernel xen/evtchn Unbinding Vulnerability
CVE-2024-27068 - Deep Dive into a Linux Kernel Memory Leak in MediaTek LVTS Thermal Driver
CVE-2024-27058 - Linux Kernel tmpfs dquot rbtree Race Condition Explained
CVE-2024-27053 - RCU Usage Vulnerability in Linux wilc100 Wifi Driver — Explained
CVE-2024-27034 - Linux Kernel F2FS Compress Race Condition Allows Data Corruption (Exploit & Patch Analysis)
CVE-2024-27045 - Linux Kernel Buffer Overflow in AMD Display DRM (dp_dsc_clock_en_read) Explained
CVE-2024-27043 - Use-After-Free in Linux Kernel DVB Device Registration (Explained with Exploit Path)
CVE-2024-27046 - How a Null Pointer in Linux's nfp_fl_lag_do_work Could Crash Your System—and How It Got Fixed
CVE-2024-27044 - Linux Kernel AMD Display Driver Vulnerability Explained
CVE-2023-52652 - A Close Look at the Linux Kernel NTB Name Leak Vulnerability
CVE-2024-27017 - Deep Dive Into Linux Kernel netfilter Vulnerability (Exploit Details & Patch Explained)
CVE-2024-27009 - Race Condition in Linux Kernel’s s390/cio Subsystem — Explained and Exploited
CVE-2024-27008 - Out-of-Bounds Access in Linux Kernel’s Nouveau DRM Subsystem (nv04) Explained
CVE-2024-27010 - Linux Kernel Mirred Deadlock Fixed – How Recursive Qdisc Locking Caused Packet Loss and How It Was Patched
CVE-2024-27011 - Insights and Exploit Path for nf_tables Map Memleak in Linux Kernel
CVE-2024-27012 - Deep Dive and Exploit Details – Linux Netfilter nf_tables Set Deletion Vulnerability
CVE-2024-27001 - Incomplete Endpoint Checking in Linux Kernel’s comedi vmk80xx Driver
CVE-2024-26999 - Understanding and Patching the Linux Kernel `pmac_zilog` RX IRQ Flood Vulnerability
CVE-2024-26996 - Use-After-Free in Linux Kernel USB NCM Gadget (Deep Dive & Exploit Analysis)
CVE-2024-26990 - Kernel KVM x86/mmu Dirty Logging Vulnerability Explained
CVE-2024-26992 - Adaptive PEBS Leaks in Linux Kernel's KVM—What Was Fixed and How It Affects You
CVE-2024-26991 - Don’t Overflow lpage_info When Checking Attributes in KVM’s x86 MMU (Linux Kernel Vulnerability Detailed)
CVE-2024-26987 - Linux Kernel mm/memory-failure Deadlock with hugetlb_optimize_vmemmap – Explained Simply
CVE-2024-26981 - Out-of-Bounds Read in nilfs2's Directory Handling (Linux Kernel)
CVE-2024-26983 - Use-After-Free in Linux Kernel `bootconfig` (xbc) Memory Free Logic
CVE-2024-26978 - Null Pointer Dereference Fixed in Linux Kernel max310x I2C Driver
CVE-2024-26984 - Race Condition Fixed in Nouveau Driver (Linux Kernel) – Instmem ptrs Bug Explained
CVE-2024-26974 - Race Condition & Use-After-Free in Linux Kernel’s Intel QAT Driver Explained
CVE-2024-26976 - Linux Kernel KVM Async #PF Workqueue Flush Bug and Exploit Details
CVE-2024-26973 - How a Linux FAT File Handle Bug Could Leak Uninitialized Memory
CVE-2024-26972 - Understanding a Rejected CVE — Why “Vulnerabilities” Get Withdrawn
CVE-2024-26970 - Out-Of-Bounds Array Access in Linux Kernel's Qualcomm Clock Driver (gcc-ipq6018) Explained
CVE-2024-26963 - Linux Kernel USB dwc3-am62 Unload/Reload Bug — Explained and Exploited
CVE-2024-26965 - Out-of-Bounds Access Fixed in Qualcomm MSM8974 Clock Driver (Linux Kernel)
CVE-2024-26964 - Linux Kernel USB xHCI DMA Mapping NULL Pointer Vulnerability Explained
CVE-2024-26958 - Linux Kernel NFS UAF Vulnerability in Direct Writes – Analysis & Exploit Details
CVE-2024-26961 - Use-After-Free Fixed in Linux mac802154_llsec_key_del — Details and Exploitation
CVE-2024-26960 - Linux Kernel Race Condition in Swap Handling (Exploit Deep Dive)
CVE-2024-26949 - Understanding and Exploiting the Linux Kernel amdgpu Power Limit Dereference Bug
CVE-2024-26938 - How a Linux Kernel Bug in Intel Graphics Could Crash Your System
CVE-2024-26939 - Deep Dive into Linux Kernel UAF in i915 VMA — How It Happened, How It Was Fixed
CVE-2024-26941 - Divide-by-Zero Fault in Linux Kernel drm/dp on DisplayPort MST Unplug with Nouveau
CVE-2024-26935 - SCSI ProcFS Host Directory Removal Regression in Linux Kernel Explained
CVE-2024-26937 - Linux Kernel drm/i915/gt Preempt-to-Busy Race Condition Explained
CVE-2024-26929 - Double Free Vulnerability in Linux Kernel’s qla2xxx SCSI Driver (fcport) – Exploit Details and Fix
CVE-2024-2859 - Root Login Enabled by Default in SANnav OVA — Exploit Analysis & Mitigation
CVE-2023-6237 - Slow RSA Public Key Checks Can Cause Denial of Service (DoS) in OpenSSL
CVE-2024-26923 - Linux Kernel AF_UNIX Garbage Collector Race Condition – Details and Exploit Overview
CVE-2024-26924 - Linux Kernel netfilter/nftables set_pipapo Use-After-Free and Crash Explained
CVE-2024-26922 - Breaking Down the Linux Kernel drm/amdgpu Parameter Validation Vulnerability
CVE-2024-2961 - Exploiting iconv() Buffer Overflow in GNU C Library (glibc) – Simple Guide with Code Example
CVE-2024-26891 - Linux Kernel IOMMU/vt-d ATS Invalidation Hard Lockup Vulnerability Explained
CVE-2024-26876 - Linux Kernel Local Crash via adv7511 HDMI Bridge IRQ Timing Bug
CVE-2024-26872 - Critical Use-After-Free Vulnerability in Linux Kernel RDMA/SRPT Subsystem
CVE-2024-26862 - Linux Kernel Packet Socket Data Race – Explanation, Exploit, and Patch
CVE-2023-52644 - Linux Kernel b43 Wi-Fi Queue Handling Privilege Escalation Explained
CVE-2024-3861 - How Self-Move in AlignedBuffer Could Crash Firefox, ESR, and Thunderbird
CVE-2024-3302 - Out of Memory Vulnerability in Firefox and Thunderbird (HTTP/2 CONTINUATION Frames Exploit)
CVE-2024-26817 - How a Simple Memory Allocation Bug in amdkfd Could Let Attackers Crash Linux Kernel
CVE-2024-26816 - KASLR Information Leak in Linux Kernel’s `.notes` Section Explained
CVE-2024-26810 - Race Condition in Linux VFIO PCI INTx Handling Explained
CVE-2024-25709 - What Happens When a CVE Gets Rejected? (Explained with Code & Examples)
CVE-2024-26656 - Use-After-Free Vulnerability in Linux Kernel’s AMDGPU DRM Driver
CVE-2024-26654 - ALSA Dreamcast AICA Use-After-Free Vulnerability in Linux Kernel Explained
CVE-2024-26653 - Double Free Vulnerability Fixed in Linux Kernel USB ljca Device Driver
CVE-2024-29946 - How Attackers Can Abuse Splunk’s Dashboard Examples Hub with Unsafe SPL Commands
CVE-2024-2616 - How a Subtle ICU Memory Handling Flaw Threatened Firefox ESR and Thunderbird Security
CVE-2024-28054 - How a Simple MIME Boundary Bug in Amavis Let Malicious Emails Slip Through
CVE-2024-2193 - Speculative Race Condition (SRC) Exposes Sensitive Data on Modern CPUs
CVE-2024-26620 - s390/vfio-ap Matrix Filtering Flaw in Linux Kernel – Full Analysis & Exploit Details
CVE-2024-26618 - Understanding the Linux Kernel arm64/sme Vulnerability (With Exploit Insights)
CVE-2024-26616 - Use-After-Free in Btrfs scrub When Chunk is Not 64K-Aligned – Root Cause, Exploitation, and Patch
CVE-2024-26612 - How a Simple Check in the Linux Kernel Prevented a Crash (Oops) in netfs/fscache
CVE-2024-26614 - Linux Kernel TCP Accept Queue Spinlock Initialization Vulnerability – Analysis, Exploit, and Remediation
CVE-2023-52490 - How a Linux Kernel Memory Migration Bug Nearly Wrecked Critical Systems
CVE-2023-52491 - Use-After-Free Vulnerability in Linux Kernel’s Media mtk-jpeg Driver Explained
CVE-2023-52487 - A Deep Dive Into Linux Kernel net/mlx5e Peer Flow Handling Flaw (and How It Can Be Exploited)
CVE-2024-28757 - Exploiting XML Entity Expansion in libexpat up to 2.6.1
CVE-2024-26625 - Stale Pointer Use in Linux Kernel LLC Socket Release (Fixed)
CVE-2024-26627 - Heavy Lock Contention and Potential Hard Lockups in Linux SCSI Host Error Handling (Explained with Code)
CVE-2023-52600 - Use-After-Free Vulnerability in Linux Kernel JFS (jfs_evict_inode)
CVE-2023-52585 - Deep Dive into the Linux Kernel AMDGPU Info Null Pointer Bug with Exploit Details
CVE-2023-52583 - Deadlock in Linux Kernel Ceph Due to Incorrect Lock Order
CVE-2024-26622 - Inside the Linux Kernel’s Tomoyo UAF Write Bug—Explanation and Exploit Details
CVE-2024-26621 - Unpacking the 32-bit Linux Kernel THP Alignment Vulnerability (Exclusive Analysis & Exploit Guide)
CVE-2023-52575 - Why This CVE Was Withdrawn and What It Means for You
CVE-2021-47081 - Use-After-Free Vulnerability in Linux Kernel’s habanalabs/gaudi Device Driver
CVE-2021-47016 - Timer Interrupt Bug in Linux Kernel m68k (mvme147, mvme16x) – Explained and Exploited
CVE-2021-47055 - How a Linux Kernel Permission Bug Exposed Flash Storage to Tampering
CVE-2021-47060 - Linux Kernel KVM Coalesced MMIO Use-After-Free Bug Explained
CVE-2024-26462 - Memory Leak Vulnerability in Kerberos 5 (krb5) 1.21.2 Explained
CVE-2024-21723 - Inadequate URL Parsing Leads to Open Redirect Vulnerability
CVE-2024-21722 - Breaking MFA – How Unexpired Sessions Leave You Unprotected
CVE-2021-47046 - Off-By-One Read Overflow in Linux Kernel’s AMD HDMI Handler
CVE-2021-47041 - Understanding the Linux Kernel `nvmet-tcp` Locking Deadlock Vulnerability
CVE-2021-47042 - Memory Leak in Linux Kernel’s AMD Display Driver (`amdgpu`) Explained
CVE-2021-47037 - Understanding and Exploiting the Linux Kernel ASoC q6afe-clocks Driver Vulnerability
CVE-2021-47040 - Linux Kernel io_uring Overflow Vulnerability Explored
CVE-2021-47032 - How a DMA Mapping Leak in MT7915 Linux Wi-Fi Driver Was Patched
CVE-2021-47033 - Understanding and Exploiting a DMA Unmapping Bug in the Linux Kernel mt76 Driver
CVE-2021-47024 - Memory Leak in Linux Kernel vsock/virtio – How It Happened, Exploit Impact, and Fix
CVE-2021-47034 - kernel data access bug in PowerPC Radix MMU root — Understanding, Exploit, and Fix
CVE-2021-47011 - Fixing memcg Reference Leak in Linux Kernel’s Memory Controller (mm/memcontrol)
CVE-2021-47014 - Wild Memory Access in Linux Kernel net/sched act_ct Fragment Handling
CVE-2021-47002 - Linux Kernel SUNRPC Null Pointer Dereference in `svc_rqst_free()`—Explained Simply
CVE-2021-47008 - Ghastly GHCB Gaffe in Linux KVM SVM Exposed and Explained
CVE-2021-47017 - Use-After-Free Vulnerability in Linux Kernel ath10k Wi-Fi Driver
CVE-2021-47006 - Understanding the Linux Kernel ARM hw_breakpoint Vulnerability – Causes, Patch, and Exploit Details
CVE-2021-46990 - PowerPC/64s Linux Kernel Entry Flush Barrier Crash (Explained With Patch Details & Exploit Insight)
CVE-2021-46991 - Use-After-Free Vulnerability in Linux Kernel's i40e Network Driver Explained
CVE-2021-46987 - Deadlock in Linux Btrfs When Cloning Inline Extents with Qgroups
CVE-2020-36785 - Addressing the Linux Kernel Vulnerability: Use After Free Exploit in AtomISP Alloc_CSS_STAT_BUFs()
CVE-2021-46974 - Linux Kernel BPF Pointer Arithmetic Vulnerability Explained
CVE-2021-46972 - Dentry Leak in Linux Kernel OverlayFS — Detailed Analysis & Exploit Guide
CVE-2021-46970 - Workqueue Flags Misuse Vulnerability in Linux Kernel MHI PCI Generic Driver
CVE-2021-46965 - How a Linux Kernel Stack Access Bug Could Lead to Out-of-bounds Reads (Exclusive Analysis)
CVE-2021-46964 - Linux Kernel SCSI qla2xxx Driver Crash from Insufficient IRQ Vectors — Exploit Details & Patch Explained
CVE-2021-46966 - Linux Kernel ACPI Custom Method Use-After-Free Explained
CVE-2021-46975 - Understanding a Rejected CVE – What Does It Mean and Why Should You Care?
CVE-2021-46956 - Memory Leak Vulnerability in virtiofs’s `virtio_fs_probe()` (Linux Kernel)
CVE-2021-46955 - Open vSwitch Stack Out-of-Bounds Read in Linux Kernel while Fragmenting IPv4 Packets
CVE-2021-46957 - Fixing Kernel Panic in RISC-V Linux when Tracing sys_read with Kprobe
CVE-2024-25711 - Exploiting a Directory Traversal Vulnerability in diffoscope via GPG Embedded Filenames
CVE-2024-25767 - Exploiting a Use-After-Free Vulnerability in NanoMQ .21.2 (`/nanomq/nng/src/core/socket.c`)
CVE-2023-52466 - Why Was It Rejected? Full Breakdown & Context
CVE-2021-41856 - Understanding a "Rejected" and "Unused" CVE – Why Does This Happen?
CVE-2021-33163 - Why This Vulnerability Was Rejected – A Deep Dive
CVE-2021-33167 - What Happened, Why It Was Rejected, and a Deeper Look
CVE-2021-33151 - The Unused Vulnerability — What It Means, and Why It Matters
CVE-2021-33154 - The Unused Security Hole That Wasn’t – What You Need to Know
CVE-2021-33156 - Understanding the “Rejected” Vulnerability and Why It’s Unused
CVE-2021-33144 - Unused CVE and Why It Was Rejected
CVE-2021-33143 - What Happened, Why It Was Rejected, and What You Need to Know
CVE-2021-33165 - Rejected Vulnerability Explained – Why “This is unused” Matters
CVE-2021-33136 - A Deep Dive Into An Unused Vulnerability (Rejected & Unused)
CVE-2021-33158 - Privilege Escalation in Intel Ethernet Adapters and I225 Controller Explained
CVE-2021-33127 - Understanding the ‘Unused’ Vulnerability – What Happened and Why It Was Rejected
CVE-2021-33085 - The "Unused" Vulnerability Explained
CVE-2021-33131 - The "Unused" Vulnerability That Never Was
CVE-2021-33121 - Understanding Why This CVE Was REJECTED
CVE-2021-33072 - A Closer Look at an “Unused” Vulnerability (Rejected)
CVE-2021-33099 - The "Unused" Vulnerability — What Happens When a CVE Is Rejected?
CVE-2023-52461 - Understanding the Linux Kernel DRM Scheduler Vulnerability (and How It Was Fixed)
CVE-2024-25756 - Stack-Based Buffer Overflow in Tenda AC9 v3. - How Attackers Can Take Control
CVE-2024-25385 - Denial of Service in flvmeta v1.2.2 via flv_close Function
CVE-2024-23136 - How a Malicious STP File in ASMKERN228A.dll Can Compromise Autodesk AutoCAD
CVE-2024-23134 - Autocad IGS File Parsing UAF to Code Execution in tbb.dll
CVE-2024-23130 - Exploiting Memory Corruption in Autodesk’s ODXSW_DLL.dll with Crafted SLDASM/SLDPRT Files
CVE-2024-23125 - Exploiting Stack-based Overflow via Malicious SLDPRT File in AutoCAD (ODXSW_DLL.dll)
CVE-2024-23127 - Exploiting Heap Overflow in Autodesk ODXSW_DLL.dll and libodxdll.dll through SLDPRT, SLDASM, and MODEL Files
CVE-2024-24479 - Buffer Overflow in Wireshark Explained — Facts, Code, and Vendor Dispute
CVE-2024-24478 - Wireshark Vulnerability Explored – Disputed Denial of Service in BGP Dissection
CVE-2021-29038 - Hidden Danger in Liferay Portal and DXP—How Exposed Password Reminders Can Lead to Account Takeover
CVE-2024-25141 - The Hidden Risk Behind Mongo Hook’s Default SSL Setting (`allow_insecure`)
CVE-2024-0794 - Remote Code Execution on HP LaserJet Printers via PDF Embedded Font Buffer Overflow
CVE-2024-25197 - Critical NULL Pointer Dereference in Open Robotics ROS2/Nav2 (Humble) — Deep Dive, Exploit Example, and Patch Guidance
CVE-2024-1556 - Exploiting a Profiler NULL Check Bug in Firefox (<123)
CVE-2024-25199 - Use-After-Free in ROS2 & Nav2 (humble) via Inappropriate Pointer Order in map_sub_ and map_free(map_)
CVE-2024-25196 - Buffer Overflow in Open Robotics ROS2/Nav2 Via Malicious YAML File – Analysis and Exploit Details
CVE-2024-1546 - Understanding and Exploiting the Firefox Buffer Length Confusion Vulnerability
CVE-2024-1554 - How a Firefox Cache Bug Made Your Browser Vulnerable to Poisoning
CVE-2023-52433 - Understanding and Exploiting the netfilter nft_set_rbtree Race in the Linux Kernel
CVE-2024-26327 - Buffer Overflow in QEMU SR-IOV VF Registration (Full Exploit Write-Up)
CVE-2023-52375 - Breaking Down the WindowManagerServices Permission Control Vulnerability
CVE-2023-52366 - Understanding and Exploiting the Out-of-Bounds Read Vulnerability in Smart Activity Recognition
CVE-2023-52367 - Breaking Down the Media Library Improper Access Control Vulnerability (With Exploit & Code)
CVE-2023-52365 - Out-of-Bounds Read in Smart Activity Recognition Module—How It Works and How It Can Be Exploited
CVE-2023-52360 - How Logic Vulnerabilities in the Baseband Threaten Mobile Network Integrity
CVE-2024-0020: Potential Information Disclosure via Confused Deputy in Android NotificationSoundPreference
CVE-2024-0037 - How a Simple Missing Permission Check in SaveUi.java Can Leak Your Images
CVE-2023-40112 - Uncovering the Out of Bounds Read Vulnerability in ippSetValueTag (ipp.c)
CVE-2023-40100 - How a Use-After-Free Bug in Android’s Dns64Configuration.cpp Leads to Local Privilege Escalation
CVE-2022-23087 - How Misbehaving bhyve Guests Can Exploit e100’s Checksum Offload to Break Out of the Host
CVE-2022-23086 - Heap Overwrite Vulnerability in FreeBSD mpr/mps/mpt SCSI Drivers
CVE-2022-23088 - How a Wi-Fi Beacon Bug Can Hack Your FreeBSD Device
CVE-2023-50868 - Understanding and Exploiting the "NSEC3" DNSSEC DoS Vulnerability
CVE-2023-22512 - High Severity DoS Vulnerability in Confluence Data Center and Server—What You Need to Know
CVE-2022-22942 - How a Simple 'vmwgfx' Linux Kernel Bug Lets Attackers Peek Inside Other Users’ Files
CVE-2023-45286 - Race Condition in go-resty Can Leak HTTP Request Bodies — Explained
CVE-2023-32302 - Understanding the Rejected CVE, Why It's Off The Table
CVE-2023-24593 - The Story of a Rejected Vulnerability and Why It Matters
CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.
CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.
CVE-2022-37706 Enlightenment before 0.25.4 is setuid root and has a system library function that mishandles pathnames that begin with /dev.
CVE-2022-42898 MIT Kerberos 5 has an integer overflow that may lead to remote code execution on 32-bit platforms.
CVE-2022-45197 Slixmpp before 1.8.3 lacks SSL Certificate hostname validation, which allows an attacker to pose as any server.
CVE-2022-28287 Text selection could cause text selection caching to behave incorrectly, causing a crash.
CVE-2022-0566 An attacker can write 1 byte outside of Thunderbird's bounds to exploit this vulnerability.
CVE-2022-38474 A website with microphone access could record audio without notification.
CVE-2022-38472 XSLT error handling can be abused to associate attacker-controlled content with another origin. This could be used to fool the user into submitting data intended for the spoofed origin.
CVE-2022-42927 A same-origin policy violation could have allowed theft of cross-origin URL entries, leaking the result of a redirect.
CVE-2022-34479 A malicious website that shows a popup could take over the address bar and spoof users.
CVE-2022-42928 An annotation missing in some allocated types could have led to memory corruption and a crash.
CVE-2022-36318 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-31736 A malicious website could have learned the size of a cross-origin resource.
CVE-2022-3032 An `iframe` element with a `srcdoc` attribute could use remote objects inside the nested document, which were not blocked.
CVE-2022-3033 An HTML email containing a `meta` tag with the `http-equiv="refresh"` attribute can be used to launch a DNS request and refresh the page. This can be used to launch a phishing attack.
CVE-2022-3034 An `iframe` was specified in an HTML email, but Thunderbird didn't load the document.
CVE-2022-34480 An allocated pointer would be freed if one allocation fails.
CVE-2022-2200 An attacker can corrupt an object prototype to set undesired attributes, which can lead to privileged code execution.
CVE-2022-42929 A browser may shut down if a site calls `window.print()`, which may persist beyond browser restart.
CVE-2022-34478 The ms-msdt, search, and search-ms protocols bring content from browsers to Microsoft applications, avoiding the browser.
CVE-2022-34482 An attacker could trick a user to drag and drop an image to a filesystem to get an executable filename, which could contain malicious code.
CVE-2022-2505 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-28282 Using a `<link rel="localization">` could lead to a use-after-free and potentially exploitable crash.
CVE-2022-36320 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-38477 Firefox 103 and ESR 102.1 have memory safety bugs.
CVE-2022-1529 An attacker could have sent a message to the parent process and used the contents to double-index into a JavaScript object, leading to attacker-controlled JavaScript executing in the privileged parent process.
CVE-2022-45404 An attacker can go fullscreen through popups and `window.print()` calls. This can lead to user confusion or spoofing attacks.
CVE-2022-34472 If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests will be blocked, resulting in incorrect error pages.
CVE-2022-45421 Mozilla developers Andrew McCreight and Gabriele Svelto found memory safety bugs in Thunderbird 102.4.
CVE-2022-29909 Documents in deeply-nested cross-origin browsing contexts could have gained the top-level origin's permissions, bypassing the prompt and possibly inheriting the permissions.
CVE-2022-22748 Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program or handling an external URL protocol.
CVE-2022-29911 An improper implementation of `allow-top-navigation-by-user-activation` could lead to script execution without `allow-scripts` being present.
CVE-2022-22744 The "Copy as curl" feature in DevTools isn't properly escaped for PowerShell. This could lead to command injection in a PowerShell prompt. This bug affects only Thunderbird for Windows.
CVE-2022-22741 Resizing a popup while requesting fullscreen access would make it impossible to leave fullscreen mode.
CVE-2022-22738 An application could access out of bounds memory and cause a heap buffer overflow. This could be exploited to crash the application.
CVE-2022-2226 An OpenPGP digital signature includes the date when the signature was created. When displaying an email with a digital signature, the email's date will be shown.
CVE-2022-42930 If two Workers initialize CacheStorage, a data race could happen in ThirdPartyUtil
CVE-2022-36317 An overly long URL can cause a Denial of Service. This only applies to Firefox for Android.
CVE-2022-29918 Mozilla developers reported memory safety bugs in Firefox 99.
CVE-2022-22754 An extension could have auto-updated itself and bypassed the prompt which grants it requested permissions.
CVE-2022-36319 Overflow and transform can interfere with each other, resulting in unpredictable mouse behavior.
CVE-2022-42932 Memory safety bugs were found in Thunderbird 102.3.
CVE-2022-42931 The password was saved by the Form Manager, not the password manager.
CVE-2022-1802 An attacker could have corrupted the methods of an Array object to achieve execution of attacker-controlled code in a privileged context
CVE-2022-31740 WASM code could cause a register allocation problem and exploitable crash on arm64.
CVE-2022-3775 Grub2's font code doesn't validate if the glyph's width and height is in bitmap size.
CVE-2022-20690 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20686 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20689 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20687 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20691 The Cisco ATA 190 Series Adaptive Telephone Adapter has a vulnerability that could be exploited to cause a DoS condition.
CVE-2022-33186 Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, and earlier versions have a vulnerability that could allow a remote unauthenticated attacker to execute commands on the switch that could disable the switch or modify Zoning.
CVE-2022-41622 BIG-IP and BIG-IQ are vulnerable to CSRF attacks through iControl SOAP.
CVE-2022-30123 - Exploiting Sequence Injection in Rack’s Lint and CommonLogger for Shell Escape
CVE-2022-32221 - libcurl Handle Reuse Leads to Unintended Data Send in POST Requests
CVE-2022-35256 - Exploiting the llhttp Parser Bug in Node.js v18.7. for HTTP Request Smuggling
CVE-2022-4252 SourceCodester Canteen Management System has a vulnerability that is classified as problematic. The manipulation leads to cross site scripting.
CVE-2022-36431 An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code.
CVE-2022-44294 The Sanitization Management System v1.0 is vulnerable to SQL Injection.
CVE-2022-36137 CRM version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS.
CVE-2022-36136 The latest version of the ChurchCRM XSS vulnerabilities allow attackers to store XSS.
CVE-2022-41912 The crewjam/saml go library before version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9.
CVE-2022-39332 Nextcloud desktop sync client with desktop client application, attacker can inject HTML.
CVE-2022-41158 Vulnerable code can be created with cookie values as file paths.
CVE-2022-40282 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection
CVE-2022-45884 An issue was discovered in the Linux kernel through 6.0.9
CVE-2022-29825 An attacker can access sensitive information using a hard-coded password vulnerability in Mitsubishi Electric GX Works3 versions.
CVE-2022-44255 An overflow in the pre-authentication function of the TOTOLINK LR350 V9.3.5u.6369_B20220309 has been found.
CVE-2020-23591 An attacker can upload files through the " /mgm_dev_upgrade.asp " to delete all files for Denial of Service.
CVE-2022-44806 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
CVE-2022-44201 D-Link DIR823G 1.02B05 is vulnerable to Command Injection.
CVE-2022-44187 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.
CVE-2022-2513 IEDs are stored in a cleartext form in Hitachi Energy's ConnPack, PCM600 versions below.
CVE-2022-41223 The Director database component of MiVoice Connect through 19.3 could be vulnerable to a code-injection attack.
CVE-2022-41937 The XWiki Platform is a generic wiki platform that offers runtime services for applications built on it. The application allows anyone with view access to modify any page.
CVE-2022-45016 The XSS vulnerability in the WBCE CMS Search Settings module allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-4065 The cbeust testing tool has a critical vulnerability. The file testng-core/src/main/java/org/testng/JarFileUtils.java of the XML File Parser component has a vulnerability.
CVE-2022-4066 An issue was found in the function onion_response_flush of the file src/onion/response.c of the component Log Handler.
CVE-2022-31608 The NVIDIA GPU Display Driver has a vulnerability in D-Bus that a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, or escalation of privilege.
CVE-2022-31606 The NVIDIA GPU Display Driver has a vulnerability in the DxgkDdiEscape kernel mode handler that can allow an attacker with user capabilities to crash the system.
CVE-2021-33621 cgi gem before 0.1.0.2, 0.2.x, and 0.3.x allows HTTP response splitting.
CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.
CVE-2021-37936 Kibana wasn't sanitizing document fields containing HTML, which allowed attackers to write arbitrary HTML.
CVE-2021-22141 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16
CVE-2022-42698 Unauth
CVE-2022-41901 TensorFlow is an open source platform for machine learning. An input matrix with rank 0 will fail in "SparseMatrixNNZ"
CVE-2022-41908 TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 string will fail check in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645.
CVE-2022-41880 TensorFlow is an open source machine learning platform. When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob read occurs.
CVE-2022-41885 TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor, it overflows and is patched in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce.
CVE-2022-41884 TensorFlow is an open source machine learning platform that can raise an error if a numpy array has a shape of one element with the others summing up to a large number.
CVE-2022-41888 TensorFlow is an open source platform for machine learning. When using GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that is not checked >
CVE-2022-41781 Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVE-2022-24038 Infraskope Security Event Manager has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed.
CVE-2022-24939 An invalid packet can cause a stack overflow in the ZNet stack.
CVE-2022-43096 Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2022-44577 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-43332 An XSS vulnerability in Wondercms v3.3.4 allows attackers to inject arbitrary web script or HTML.
CVE-2022-43457 SQL Injection in Delta Electronics DIAEnergie v1.9.02.001
CVE-2022-39178 Webvendome's internal server IP is disclosed in a GET request.
CVE-2022-20427 There is a possible way to corrupt memory and gain System execution privileges in (TBD) of (TBD).
CVE-2022-45066 Auth
CVE-2022-20428 An out of bounds write could lead to local escalation of privilege with System execution privileges.
CVE-2021-36905 Multiple Auth
CVE-2022-42903 Zoho SupportCenter Plus allows low-privileged users to view the organization users list.
CVE-2021-31608 Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVE-2022-43142 The add-fee.php component has an XSS vulnerability that can execute arbitrary web scripts, HTML files, or other dangerous content.
CVE-2022-41920 Lancet is a library for go that contains useful utility functions. An issue was found with zip fileutil, which is fixed in version 2.1.10 and 1.3.4.
CVE-2022-42892 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42893 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-40751 UCD 6.2.7.0 through 7.2.3.1 may have a bug that allows an admin with "Manage Security" permissions to get files back.
CVE-2022-43140 The cn.keking.web.controller.OnlinePreviewController has a SSRF vulnerability.
CVE-2022-42985 The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform XSS attacks.
CVE-2022-42982 NtripCaster 2.0.39 allows querying information over UDP without authentication. The NTRIP sourcetable is typically tens of kBs and can be requested with a packet of 30 bytes.
CVE-2022-42954 Keyfactor EJBCA before 7.10.0 allows XSS.
CVE-2022-40881 SolarWinds IoT Device Management contains a command injection vulnerability.
CVE-2022-42960 EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 has DOM XSS due to improper validation of message events to accessibility.js
CVE-2022-43781 An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system.
CVE-2021-38819 An SQL injection vulnerability exists on the Simple Image Gallery System 1.0 application through the "id" parameter.
CVE-2022-44002 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44005 BACKCLICK Professional 5.9.63 has a vulnerability that can reveal subscribers' e-mail addresses if the newsletter sign-up functionality uses consecutive IDs.
CVE-2022-44007 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-43999 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-39318 FreeRDP is a library for remote desktop protocol and clients, but affected versions don't have input validation. A malicious server can trick a client to crash with a division by zero.
CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.
CVE-2022-39383 KubeVela is an application delivery platform. Users using the VelaUX API could be affected by this vulnerability.
CVE-2022-41877 FreeRDP is a library for remote desktop protocol, affected versions have input length validation in `drive` channel missing.
CVE-2022-34354 - Sensitive Data Exposure in IBM Sterling Partner Engagement Manager 2.
CVE-2022-44069 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2022-43262 The Human Resource Management System v1.0 had a SQL injection vulnerability in the password parameter.
CVE-2022-4018 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.
CVE-2022-41917 OpenSearch is a community-driven open source fork of Elasticsearch and Kibana that allows users to specify a local file.
CVE-2022-41918 OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana
CVE-2022-30768 Stored XSS flaw in ZoneMinder 1.36.12 allows Admin users to execute arbitrary HTML or JavaScript when they logout.
CVE-2022-4006 A vulnerability in WBCE CMS is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler.
CVE-2022-29276 AhciBusDxe has SMI vulnerabilities, which lead to SMRAM corruption. This was discovered by Insyde during security review.
CVE-2022-20941 The web-based management interface of Cisco Firepower could be vulnerable to an unauthenticated, remote attacker who could access sensitive information.
CVE-2022-20935 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20839 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20940 A vulnerability in Cisco Firepower Threat Defense could allow an attacker to gain access to sensitive information.
CVE-2022-29275 Untrusted input may allow SMRAM or OS memory tampering. Use of untrusted pointers could allow OS or SMRAM memory tampering and lead to escalation of privileges. This issue was discovered by Insyde during security review.
CVE-2022-20949 The management web server of Cisco Firepower Threat Defense could be exploited by an authenticated, remote attacker with high privileges.
CVE-2022-20943 Multiple vulnerabilities in the SMB2 processor of the Snort detection engine could allow an unauthenticated, remote attacker to bypass the configured policies or cause a DoS.
CVE-2022-42785 Multiple W&T products of the ComServer Series are prone to an authentication bypass
CVE-2022-38385 The IBM Cloud Pak for Security 1.10.0.0 through 1.10.2.0 could be exploited by an authenticated user to obtain sensitive information or perform unauthorized actions.
CVE-2022-30771 The initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.
CVE-2022-38201 Esri Portal for ArcGIS Quick Capture Web Designer has an unvalidated redirect vulnerability.
CVE-2022-45380 Jenkins JUnit Plugin converted HTTP(S) URLs to clickable links which were unsafe, resulting in a XSS vulnerability that is exploitable by attackers with Item/Configure permission.
CVE-2022-45394 An attacker with Item/Read permission can delete build logs.
CVE-2022-45390 An error in the Jenkins loader.io plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-45399 A permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45382 Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds, resulting in a stored XSS vulnerability. This can be exploited by attackers who can edit build display names.
CVE-2022-45391 Jenkins NS-ND Integration Performance Plugin 4.8.0.143 and earlier disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
CVE-2022-45387 The Jenkins BART Plugin 1.0.3 and earlier does not escape the content of build logs before rendering it on the UI, resulting in a XSS vulnerability.
CVE-2022-27895 Foundry was vulnerable to log files being captured due to an issue in earlier versions.
CVE-2022-41611 An XSS vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML.
CVE-2022-3895 UI components aren't sanitizing output and are prone to XSS.
CVE-2022-42000 BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-41814 BlueSpiceFoundation extension allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-3958 BlueSpiceUserSidebar extension has XSS flaw that allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-42001 BlueSpiceBookshelf extension allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-3737 - How a Core Vulnerability in PHOENIX CONTACT Automationworx Software Suite Exposed Critical Memory
CVE-2022-3480 An attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending more unauthenticated HTTPS connections from different source IP's.
CVE-2022-33239 - Exploiting Transient DOS via Infinite Loop in WLAN Firmware (Snapdragon Platforms Deep Dive)
CVE-2022-25743 - Understanding and Exploiting a Snapdragon Graphics Memory Corruption Bug
CVE-2022-33237 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold
CVE-2022-25674 Cryptographic issues in WPA/WPA2 group key handshake in Snapdragon Consumer, Industrial, and Voice & Music.
CVE-2022-25667 The Snapdragon Wired Infrastructure and Networking component handles ICMP requests improperly, which exposes information disclosure.
CVE-2022-25742 Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server.
CVE-2022-41396 An AC 1200 W15Ev2 router was found to have multiple command injection vulnerabilities in the function setIPsecTunnelList.
CVE-2022-40844 An issue with Tenda's W15Ev2 AC1200 router's applications' filtering tab allows an attacker to execute JavaScript code via the URL.
CVE-2022-42058 The Tenda AC1200 router model W15Ev2 V15.11.0.10(1576) had a stack overflow vulnerability.
CVE-2022-41395 An AC1200 router with a command injection vulnerability was discovered. The vulnerable function is setDMZ.
CVE-2022-42053 An AC1200 router was found to have a command injection vulnerability in the setPortMapping function.
CVE-2022-42129 An IDOR vulnerability in the Liferay Portal DXP and 7.3-7.4 modules allows remote attackers to view and access form entries.
CVE-2022-42111 An XSS vulnerability in Liferay Portal's user notification module allows attackers to inject arbitrary web script or HTML.
CVE-2022-42126 The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8 and 7.4 before update 29 doesn't properly check permissions, which allows remote attackers to view asset libraries.
CVE-2022-33906 DMA transactions that are used by FwBlockServiceSmm software SMI handler could cause SMRAM corruption.
CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.
CVE-2022-33909 DMA transactions used by the HddPassword software SMI handler could cause SMRAM corruption.
CVE-2022-33986 DMA attacks on the SMI handler's parameter buffer could lead to a TOCTOU attack.
CVE-2022-33982 DMA attacks on the Int15ServiceSmm parameter buffer could lead to a TOCTOU attack on the SMI handler and lead to SMRAM corruption.
CVE-2022-40735 The Diffie-Hellman Key Agreement Protocol allows use of long exponents that can be expensive when using short exponents.
CVE-2022-40903 Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 doesn't mitigate failed access attempts, which allows attackers to gain admin privileges.
CVE-2022-43030 An RCE vulnerability was found in SIYUCMS, a content management system.
CVE-2022-43690 In CMS below 8.5.10, the legacy_salt function was not compared strictly, allowing authentication bypass if used.
CVE-2022-43294 Tasmota was found to have a stack overflow in ClientPortPtr at lib/libesp32/rtsp/CRtspSession.cpp.
CVE-2022-43968 Reflected XSS was found in 9.0.0-9.1.2 versions of Concrete CMS below 8.5.10 and between dashboard icons.
CVE-2022-43686 In Concrete CMS, the authTypeConcreteCookieMap table can be filled up causing a denial of service.
CVE-2022-37109 Camp Fuller is vulnerable to Incorrect Access Control.
CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().
CVE-2022-3362 Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
CVE-2022-41913 Discourse-calendar adds calendar functionality to the first post of a topic.
CVE-2022-44390 An XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-34320 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow attackers to decrypt sensitive information.
CVE-2022-44389 EyouCMS V1.5.9-UTF8-SP1 was found to have a Cross Site Request Forgery vulnerability in the Edit Admin Profile module.
CVE-2022-43694 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
CVE-2022-34313 IBM CICS TX 11.1 doesn't set the secure attribute on authorization tokens or session cookies. This makes it easier for attackers to get the cookie values or send a http:// link to a user and plant the link.
CVE-2022-43342 An XSS vulnerability in Eramba GRC Software c2.8.1's Add function allows attackers to inject arbitrary web scripts or HTML.
CVE-2022-3469 The WP Attachments plugin before 5.0.5 has an unsafe setting that could allow high-privilege users to do Stored Cross-site Scripting.
CVE-2022-3484 The WPB Show Core plugin through TODO does not sanitise and escape a parameter, which can lead to Reflected Cross-Site Scripting.
CVE-2022-45183 Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID.
CVE-2022-3979 NagVis up to 1.9.33 is vulnerable to a problem in the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. This could lead to an authentication bypass.
CVE-2022-3976 An exploit has been found in MZ Automation 1.4 and classified as critical. This vulnerability affects MMS File Services.
CVE-2022-3978 A vulnerability was found in NodeBB up to 2.5.7, which can be exploited to make remote requests forgery.
CVE-2022-3974 A critical vulnerability was found in Axiomatic Bento4. The affected function is AP4_StdcFileByteStream::ReadPartial of the mp4info component.
CVE-2022-3975 A vulnerability in NukeViet CMS's Data URL Handler is the function filterAttr. It's affected by the issue.
CVE-2022-3965 An issue was found in ffmpeg's smc_encode_stream function. This vulnerability affects the QuickTime Graphics Video Encoder component.
CVE-2022-3963 An issue was found in gnuboard5, a component of FAQ Key ID Handler. The fm_id argument can be manipulated to perform a cross-site scripting attack.
CVE-2022-45196 An attacker can cause a denial of service by sending a crafted Fabric 2.3 channel tx with the same name.
CVE-2022-45195 The key derivation function in SimpleXMQ before 3.4.0 is not applied to data, which can impact forward secrecy and if there is a compromise of a single private key.
CVE-2022-38651 An attacker can exploit a security filter misconfiguration in VMware Hyperic Server 5.8.6 to bypass authentication requirements.
CVE-2022-41339 In MDM Plus, user privileges can be escalated.
CVE-2022-41905 WebDAV server WSGI is vulnerable to XSS attacks, which has been patched in version 4.1.0.
CVE-2022-45182 Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
CVE-2022-41906 OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc.
CVE-2022-26845 - Exploiting Intel AMT Improper Authentication for Remote Privilege Escalation
CVE-2022-33176 In BIOS firmware for some Intel NUC 11 Performance kits and mini PCs, improper input validation may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-26508 Inauthentic authentication in the SDP Tool may allow disclosure of information via network access.
CVE-2022-29486 The Intel Hyperscan library had buffer restrictions that could be abused by an unauthenticated user. This could lead to privilege escalation.
CVE-2021-33164 An improper BIOS access control may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-27499 The Intel(R) SGX SDK premature release may allow a privileged user to potentially enable information disclosure.
CVE-2021-33159 An improper authentication in subsystem may allow privilege escalation.
CVE-2022-30548 An attacker can control a local search path element to escalate privilege.
CVE-2022-29515 Memory release in Intel SPS firmware may be exploited to cause denial of service.
CVE-2022-26367 Buffer restrictions in Intel XMM 7560 modem software before M2_7560_R_01.2146.00 may allow a privileged user to enable escalation of privilege via local access.
CVE-2021-33064 An uncontrolled search path in the software installer for Intel System Studio may allow for privilege escalation.
CVE-2021-0185 In early Intel Server Board M10JNP Family firmware, improper input validation may allow a privileged user to enable an escalation of privilege.
CVE-2022-42460 An access control vulnerability in the Traffic Manager plugin <= 1.4.5 on WordPress allows for XSS.
CVE-2022-3703 The ETIC Telecom RAS 4.5.0 and earlier is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and privilege escalation.
CVE-2022-40981 Remote Access Server 4.5.0 and earlier is vulnerable to malicious file upload.
CVE-2022-41879 Parse Server is an open source backend that runs on Node.js.
CVE-2022-43679 OwnCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
CVE-2022-39393 Wasmtime is a standalone runtime for WebAssembly
CVE-2022-39392 Wasmtime's pooling allocator has a bug when the allocator is configured to give WebAssembly instances 0 pages of memory.
CVE-2022-39395 - Exploiting Default Configurations in Vela CI/CD Pipelines for Container Breakouts
CVE-2022-36022 Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM
CVE-2021-40226 xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2022-45063 In older versions of tmux, there was a font operation vulnerability that allowed command execution. This is no longer the case.
CVE-2022-39037 Agentflow BPM file download function has a path traversal vulnerability
CVE-2022-39038 Agentflow BPM enterprise management system has improper authentication
CVE-2022-42786 Multiple W&T Products of the ComServer Series are prone to an XSS attack
CVE-2022-3706 - Breaking Down the GitLab Improper Authorization Vulnerability With Example and Exploit Details
CVE-2022-3413 - GitLab EE Incorrect Authorization for Audit Events – How Developers Could Read What They Shouldn’t
CVE-2022-3818 - How a Simple URL Parsing Bug Could Take Down Your GitLab - Deep Dive, Exploit Example & Mitigations
CVE-2022-3486 An open redirect vulnerability in GitLab EE/CE older than 15.3.5, 15.4.4, and 15.5.2 allows attackers to redirect users to an arbitrary location if they trust the URL.
CVE-2022-39307 Grafana is an open-source monitoring platform. The password forgotten page sends a POST request to the /api/user/password/sent-reset-email URL.
CVE-2022-39890 In Samsung Billing 5.0.56.0, improper authorization allows attacker to get sensitive information.
CVE-2022-39881 In-bound SIB12 PDU can be read out of bounds memory in Exynos modems prior to SMR Sep-2022 release.
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-39887 An access control vulnerability in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure EDM settings.
CVE-2022-31688 Assist prior to 22.10 contains a Reflected XSS vulnerability.
CVE-2022-44561 The preset launcher module has a permission verification vulnerability
CVE-2022-44560 The launcher module has an Intent redirection vulnerability
CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.
CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability
CVE-2022-44552 The lock screen module has defects introduced in the design process
CVE-2022-44550 The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-27674 An attacker may be able to bypass bounds checks and crash the Windows kernel, resulting in denial of service.
CVE-2022-31685 VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability
CVE-2022-29836 In 2018, a Path Traversal vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This could allow attackers to abuse certain parameters to access the device's files.
CVE-2022-25932 InHand Networks InRouter302 V3.5.45 fixes TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete
CVE-2021-34567 WAGO I/O-Check Service can be abused to send malicious packets and provoke a denial of service and an out-of-bounds read.
CVE-2021-34568 In WAGO I/O-Check Service, an unauthenticated remote attacker can send a packet to cause a denial of service.
CVE-2021-34566 An attacker can send a malicious packet to crash the iocheck process and write memory to DoS WAGO I/O-Check Service.
CVE-2021-34569 In WAGO I/O-Check Service, an attacker can crash the diagnostic tool and write memory.
CVE-2022-43119 An XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43118 An XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43320 FeehiCMS v2.1.1 has a reflected XSS vulnerability via the id parameter.
CVE-2022-39328 Grafana is an open-source platform for monitoring and observability
CVE-2022-20462 phNxpNciHal has an out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2021-1050 In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-3821 An off-by-one error was discovered in systemd in the format_timespan() function of time-util.c
CVE-2022-41214 An attacker with high privileges can delete a file which is otherwise restricted.
CVE-2022-32618 In typec, there is a possible out-of-bounds write due to an incorrect calculation of buffer size, which could lead to local escalation of privilege, with no additional execution privileges needed.
CVE-2022-26446 Modem 4G RRC has a possible system crash due to improper input validation. This could lead to remote denial of service.
CVE-2022-33322 Mitsubishi Electric products contain cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform a MITM attack and inject malicious script codes.
CVE-2022-44320 PicoC Version 3.2.2 had a buffer overflow in ExpressionCoerceFP in expression.c when called from ExpressionParseFunctionCall.
CVE-2022-44318 PicoC Version 3.2.2 had a buffer overflow in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44315 PicoC Version 3.2.2 had a heap buffer overflow in ExpressionAssign when called from ExpressionParseFunctionCall.
CVE-2022-44314 PicoC 3.2.2 had a buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44316 PicoC 3.2.2 had a buffer overflow in the LexGetStringConstant function when called from LexScanGetToken.
CVE-2022-41663 - Exploiting Use-After-Free in Siemens JT2Go and Teamcenter Visualization via Malicious CGM Files
CVE-2022-39136 - Heap-Based Buffer Overflow in Siemens JT2Go and Teamcenter Visualization – Exploit Explained
CVE-2022-39157 - Out-of-Bounds Read in Parasolid Leads to Potential Code Execution
CVE-2022-41434 The EyesOfNetwork Web Interface v5.3 has an XSS vulnerability.
CVE-2022-41433 The EyesOfNetwork Web Interface v5.3 had a reflected XSS vulnerability.
CVE-2022-41432 The EyesOfNetwork web interface had a reflected XSS vulnerability.
CVE-2022-43359 Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c had an out-of-bounds read in the function read_image_data.
CVE-2022-3878 A critical vulnerability has been found in Maxon ERP. Manipulation of the argument tb_search leads to sql injection.
CVE-2022-44050
CVE-2022-43319 An information disclosure vulnerability in the component vcs/downloadFiles.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2022-44048 The d8s-urls package for Python included a backdoor inserted by a third party. This is the democritus-domains package.
CVE-2022-44797 Older versions of lnd and other Bitcoin-related products forget to check witness size.
CVE-2022-44796 Object First's authorization service has a flow that allows getting access to the Web UI without knowing credentials.
CVE-2022-44795 Object First 1.0.7.712 has a Web Service flaw that could lead to local information disclosure. The command that creates the support bundle's URL uses an insecure RNG.
CVE-2022-44792 Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to crash the instance.
CVE-2022-44793 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash.
CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.
CVE-2022-42905 WOLFSSL before 5.5.2 had a potential buffer over-read issue if callback functions were enabled.
CVE-2022-42707 Mahara 21.04, 21.10, 22.04, and 22.10 has embedded images accessible without a sufficient permission check if certain conditions are met.
CVE-2022-44544 Ghostscript could potentially be exploited to trigger a remote shell. This is the case if the site is running on Ubuntu and the flag -dSAFER isn't set.
CVE-2022-38660 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability
CVE-2022-41669 An improper verification of cryptographic signature vulnerability exists in the SGIUtility component. This could lead to the execution of malicious code if a malicious DLL is loaded.
CVE-2022-41667 An adversary with local user privileges can load a malicious DLL to execute malicious code. This is a CWE-22 vulnerability.
CVE-2021-39077 - How IBM Security Guardium Exposed Credentials in Clear Text (Explained with Exploit Details)
CVE-2022-42749 An attacker in the 'page' of the 'ajax.php' resource can steal cookies of other users.
CVE-2022-42746 The 3.0.0 version of the CandidATS API allows an attacker to steal cookies of arbitrary users.
CVE-2022-42743 deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object
CVE-2022-44624 In JetBrains TeamCity before 2022.10, password parameters with special characters could be exposed in the build log.
CVE-2022-43102 Tenda AC23 V16.03.07.45_cn had a stack overflow vulnerability that could be exploited via the timeZone parameter in fromSetSysTime.
CVE-2022-41435 An open source router's SSH keys vulnerability contains XSS.
CVE-2021-46853 Before 2.25, an attack on LIST or LSUB can cause a denial of service.
CVE-2022-24936 GBL parser out-of-bounds error allows attacker to overwrite flash Sign key and OTA decryption key.
CVE-2022-3575 - How a Simple Configuration Upload Can Compromise Frauscher FDS102 Devices
CVE-2022-39353 Xmldom is a standard-based XML DOM parser and serializer module.
CVE-2022-43239 Libde265 v1.0.8 was discovered to have a heap buffer overflow vulnerability.
CVE-2022-26122 FortiGate versions prior to 6.4.274 and FortiClient, FortiMail may have insufficient data authenticity verification, which may allow attackers to bypass the AV engine.
CVE-2022-38380 An access control vulnerability in FortiOS 7.2 and earlier may allow a remote read-only user to modify the interface settings via the API.
CVE-2022-32895 - How a Race Condition in macOS Exposed Protected File System – A Deep Dive
CVE-2022-42319 - How a XenStore Memory Leak Can Let Guests Trigger DoS (Denial of Service)
CVE-2022-42325 - Exploiting Xenstore Transaction Bugs to Overfill Node Limits
CVE-2022-42315 - How Xenstore Guests Can Run Xenstored Out of Memory (Exclusive Deep Dive)
CVE-2022-42318 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42311 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42312 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2020-36605 Inappropriate default permissions allow attackers to run malicious code on the Hitachi AI Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint components.
CVE-2022-39018 PDFtron data in M-Files Hubshare before 3.3.11.3 was accessed by unauthenticated attackers if they know the URL.
CVE-2022-40294 An application was found to have a CSV injection vulnerability, allowing malicious code to be embedded in exported data.
CVE-2022-39016 Injection in PDFtron allows attackers to takeover user account.
CVE-2022-40289 The application was vulnerable to Stored XSS and could be used to escalate privileges or compromise accounts.
CVE-2022-31692 An earlier version of Spring Security was vulnerable to authorization rule bypass.
CVE-2022-41629 The 00.00.01a versions of the Device Master from DEI allow unauthenticated users to access the endpoint, which could allow an attacker to retrieve any file from the "RunningConfigs" directory.