Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI comman…

The HTTP/2 protocol allows a denial of service (server resource consumption) because request ca…

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) …

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choos…

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers t…

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 h…

GNU Bash through 4.3 processes trailing strings after function definitions in the values of env…

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle …

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expression…

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI scrip…

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote …

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Executi…

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attack…

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and…

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache…

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up a…

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in ce…

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An …

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient ad…

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an a…

Grafana is an open source data visualization platform. In affected versions unauthenticated and…

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Informatio…

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function def…

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote …

Cacti is an open source platform which provides a robust and extensible operational monitoring …

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a …

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allo…

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab …

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote att…

The previous default setting for Airflow's Experimental API was to allow all API requests witho…

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauth…

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code e…

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is pr…

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerabili…

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of e…

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting …

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Sal…

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlog…

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain config…

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses…