RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to vi…

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which…

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS…

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables accoun…

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticat…

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss …

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malware…

Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and …

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication …

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of…

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote …

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin serv…

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUA…

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reje…

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if depen…

In Apache CouchDB, a malicious user with permission to create documents in a database is able t…

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does n…

An issue was discovered in pip (all versions) because it installs the version with the highest …

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. Th…

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconf…

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache…

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefi…

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain…

An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource…

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient…

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's …

The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versi…

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICM…

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing …

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versi…

An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service coul…

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. …

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, th…

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a craf…

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the cli…

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and i…

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges …

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks…