Microsoft SharePoint Server Remote Code Execution Vulnerability

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic …

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x …

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely…

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signatu…

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parse…

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when ref…

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF…

When a protocol selection parameter option disables all protocols without adding any then the d…

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an…

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Comp…

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP …

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a …

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GP…

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compressi…

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. …

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafte…

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are su…

ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression…

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly pars…

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affec…

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP …

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.ru…

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an…

OpenZeppelin Contracts is a library for secure smart contract development. A function in the im…

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in Z…

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker…

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier ena…

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, a…

PAN-OS software provides options to exclude specific websites from URL category enforcement and…

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runt…

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a sub…

authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authent…

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP …

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a valida…

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8`…

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on chi…

Zulip is an open-source team collaboration tool with topic-based threading that combines email …

Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Expres…

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header…