RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to vi…

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host h…

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin re…

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticat…

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Auth…

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss …

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malware…

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determi…

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code log…

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Exe…

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allo…

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remot…

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not prop…

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connection…

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote a…

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 an…

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 functi…

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verif…

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using p…

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks b…

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-…

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directo…

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to i…

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote …

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is …

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CP…

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libra…

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60…

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsig…

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf …

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUA…

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsaf…

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reje…

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equiv…

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and th…

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to…

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if depen…

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionali…

In Apache CouchDB, a malicious user with permission to create documents in a database is able t…