Browse CVEs

Multiple reflected cross-site scripting (XSS) vulnerabilities in Subrion CMS v4.2.1 installation module allow attackers to inject malicious JavaScript...

A stored cross-site scripting vulnerability in Tendenci CMS allows attackers to inject malicious scripts into the Jobs module. When users view affecte...

A stored cross-site scripting (XSS) vulnerability in Tendenci CMS v15.3.7 allows attackers to inject malicious scripts into forum posts that execute w...

This CVE describes an access control vulnerability in IBM Jazz Foundation that allows authenticated users to perform actions or view data beyond their...

This vulnerability allows a privileged user in IBM WebSphere Application Server Liberty to upload a zip archive containing path traversal sequences, w...

This CVE describes a path traversal vulnerability in pip's wheel archive extraction. When installing a maliciously crafted wheel file, attackers can w...

An unauthenticated attacker on the same Controller Area Network (CAN) bus can disrupt operations by rapidly switching between configuration presets. T...

This vulnerability allows a local attacker with physical USB access to cause a full device reset by using an invalid reset file. It affects devices th...

CVE-2022-50977 allows unauthenticated remote attackers to disrupt operations by switching between multiple configuration presets via HTTP requests. Th...

This vulnerability allows unauthenticated remote attackers to disrupt operations by switching between multiple configuration presets via Modbus TCP. I...

This vulnerability allows an unauthenticated attacker on the same network segment to disrupt operations by switching between multiple configuration pr...

This vulnerability allows an unauthenticated remote attacker to hijack existing user sessions and gain full administrative access to affected devices....

This vulnerability allows local privilege escalation on macOS systems running Native Access. A low-privileged user can exploit DYLIB injection in the ...

This vulnerability allows attackers to bypass code signature verification in Native Access's XPC service on macOS through PID reuse attacks. An attack...

EAP Legislator contains a path traversal vulnerability in its file extraction functionality. Attackers can craft malicious zipx archives that, when op...

This HTTP request smuggling vulnerability in SoupServer allows remote attackers to send specially crafted requests that bypass normal request processi...

A stack-based buffer overflow vulnerability in libsoup allows remote attackers to execute arbitrary code or crash applications by sending specially cr...

This SQL injection vulnerability in AKCE Software's SKSPro allows attackers to execute arbitrary SQL commands on the database. All SKSPro installation...

A memory leak vulnerability in xmllint's interactive shell allows local denial-of-service attacks. When users input only whitespace, the program fails...

The SimpleDirectoryReader component in llama_index.core versions before 0.12.41 has a memory management flaw where it loads all files from a directory...

This vulnerability in LibreChat allows attackers to exploit an unrestricted fork function to create numerous content forks containing large Mermaid gr...

This vulnerability in huggingface/text-generation-inference allows unauthenticated attackers to trigger resource exhaustion by exploiting unbounded ex...

This vulnerability allows authenticated users in lunary-ai/lunary to delete prompts belonging to other organizations through ID manipulation. The appl...

This CVE describes a local privilege escalation vulnerability in mlflow versions before 3.4.0 where temporary directories for Python virtual environme...

This vulnerability in GitLab CE/EE allows unauthorized users to edit merge request approval rules under specific conditions. It affects all GitLab ins...

This vulnerability allows unauthenticated attackers to trigger resource-intensive text generation operations and manipulate server state in the lollms...

This CVE describes a PHP Local File Inclusion vulnerability in the Talemy Spirit Framework WordPress plugin. Attackers can exploit improper filename c...

This vulnerability in MediaTek modems allows remote denial of service through system crashes when devices connect to rogue base stations. Attackers ca...

This vulnerability allows remote attackers to cause a system crash (denial of service) in affected modem devices by connecting to a rogue base station...

This vulnerability in MediaTek modems allows remote denial of service through improper input validation. An attacker can crash the system by connectin...

This CVE describes a use-after-free vulnerability in the cameraisp component that could allow local privilege escalation. Attackers with System privil...

CVE-2026-20412 is an out-of-bounds write vulnerability in the cameraisp component that allows local privilege escalation. Attackers with initial Syste...

This CVE describes an out-of-bounds write vulnerability in the imgsys component due to missing bounds checks. It allows local privilege escalation fro...

This CVE describes a use-after-free vulnerability in the imgsys component that allows local privilege escalation. An attacker who already has System p...

This vulnerability in the imgsys component allows memory corruption due to improper locking. It enables local denial of service attacks when exploited...

This CVE describes an out-of-bounds write vulnerability in PCIe drivers that could allow local privilege escalation. Attackers with initial System pri...

This vulnerability in MediaTek wlan AP/STA firmware allows remote attackers within wireless range to cause denial of service by making the system unre...

This vulnerability in MediaTek modems allows remote denial of service through improper input validation. An attacker can crash the system by connectin...

This vulnerability in MediaTek modems allows remote denial of service through system crashes when devices connect to rogue base stations. Attackers ca...

This vulnerability allows remote denial of service attacks against devices with affected MediaTek modems. An attacker can crash the system by connecti...

This CVE describes a heap buffer overflow vulnerability in wlan (wireless LAN) components that allows remote attackers to execute arbitrary code witho...

CVE-2026-20409 is an out-of-bounds write vulnerability in the imgsys component that allows local privilege escalation. Attackers with initial System p...

This CVE describes an out-of-bounds write vulnerability in imgsys (likely MediaTek image processing subsystem) that allows local privilege escalation....

This vulnerability allows remote denial of service attacks against mobile devices with affected MediaTek modems. An attacker can crash the system by c...