CWE-345

Total CVEs: 118
Critical: 27
High: 61
Avg CVSS: 7.8

Yearly Trend

2026: 13
2025: 29
2024: 24
2023: 22
2022: 15

Top Affected Vendors

1. Google (4)
2. Mozilla (3)
3. Cisco (3)
4. Fedoraproject (3)
5. Mi (2)
6. Honeywell (2)
7. Certifi (2)
8. Motorola (2)
9. Openproject (2)
10. Microsoft (2)

All CWE-345 CVEs (118)

CVE-2024-8356
7.8

This vulnerability allows local attackers with low-privileged code execution to escalate privileges on Visteon Infotainment systems by exploiting insu...

Nov 22, 2024
CVE-2024-7979
7.8

This vulnerability allows a local attacker on Windows systems to escalate privileges by exploiting insufficient data validation in Google Chrome's ins...

Aug 21, 2024
CVE-2023-22955
7.8

AudioCodes VoIP desk phones through version 3.4.4.1000 have insufficient firmware validation that only uses simple checksums. This allows attackers wh...

Aug 11, 2023
CVE-2020-14111
7.8

This CVE describes a command injection vulnerability in Xiaomi Router AX3600 firmware that allows attackers to execute arbitrary code on affected devi...

Mar 10, 2022
CVE-2021-26315
7.8

This vulnerability in AMD's Platform Security Processor (PSP) boot ROM allows attackers to execute arbitrary code when encrypted firmware images are l...

Nov 16, 2021
CVE-2021-29239
7.8

CVE-2021-29239 is a vulnerability in CODESYS Development System 3 where malicious documents or files embedded in libraries are displayed or executed w...

May 3, 2021
CVE-2024-43428
7.7

This CVE addresses a cache poisoning vulnerability in Moodle that could allow attackers to manipulate locally cached data. The vulnerability affects M...

Nov 7, 2024
CVE-2024-7847
7.7

This vulnerability allows attackers to embed malicious VBA scripts in Rockwell Automation project files (RSP/RSS). When a legitimate user opens an inf...

Oct 14, 2024
CVE-2023-39347
7.6

This CVE allows attackers with Kubernetes API access to bypass Cilium network policies by updating pod labels with non-existent construct names. It af...

Sep 27, 2023
CVE-2026-28454
7.5

OpenClaw versions before 2026.2.2 fail to validate Telegram webhook secrets, allowing unauthenticated attackers to send forged Telegram updates. This ...

Mar 5, 2026
CVE-2026-25474
7.5

OpenClaw versions 2026.1.30 and below have an authentication bypass vulnerability in Telegram webhook mode. When channels.telegram.webhookSecret is no...

Feb 19, 2026
CVE-2025-59420
7.5

Authlib versions before 1.6.4 fail to properly validate JWS tokens with unknown critical header parameters, violating RFC 7515 requirements. Attackers...

Sep 22, 2025
CVE-2025-30192
7.5

This vulnerability in PowerDNS Recursor allows attackers to spoof DNS responses for ECS-enabled queries more effectively than standard queries. It aff...

Jul 21, 2025
CVE-2024-47867
7.5

This vulnerability allows attackers to replace the FRP client binary with malicious code during download, as Gradio lacks integrity verification. User...

Oct 10, 2024
CVE-2024-38198
7.5

This vulnerability allows attackers to gain elevated privileges on Windows systems by exploiting the Print Spooler service. Attackers could execute ar...

Aug 13, 2024
CVE-2024-39689
7.5

This CVE involves the removal of GLOBALTRUST root certificates from the certifi Python package due to compliance issues. Systems using affected certif...

Jul 5, 2024
CVE-2024-37370
7.5

This vulnerability in MIT Kerberos 5 allows attackers to modify the plaintext Extra Count field in GSS krb5 wrap tokens, causing applications to recei...

Jun 28, 2024
CVE-2024-30250
7.5

CVE-2024-30250 is a security bypass vulnerability in Astro-Shield that allows attackers to inject malicious cross-origin resources by adding valid int...

Apr 4, 2024
CVE-2023-38552
7.5

CVE-2023-38552 is a security bypass vulnerability in Node.js's experimental policy mechanism that allows attackers to forge checksums and disable inte...

Oct 18, 2023
CVE-2023-37920
7.5

This vulnerability affects systems using certifi Python package versions before 2023.07.22, which included compromised e-Tugra root certificates. Atta...

Jul 25, 2023
CVE-2023-23941
7.5

This CVE describes an integrity vulnerability in SwagPayPal's JavaScript-based PayPal checkout methods where the payment amount and item list sent to ...

Feb 3, 2023
CVE-2015-5236
7.5

CVE-2015-5236 is a Same Origin Policy bypass vulnerability in IcedTea-Web that allows malicious websites to spoof the codebase attribute in Java apple...

Jul 7, 2022
CVE-2021-4031
7.5

CVE-2021-4031 is an insufficient verification vulnerability in Syltek applications that allows attackers to bypass payment systems by forging requests...

Mar 18, 2022
CVE-2020-19769
7.5

CVE-2020-19769 is an insufficient verification vulnerability in the BurnMe() function of Rob The Bank 1.0 that allows attackers to steal tokens from u...

Sep 7, 2021
CVE-2021-33840
7.5

The Luca contact tracing app server (versions through 1.1.14) allows attackers to insert fake COVID-19 exposure records because phone number data lack...

Jun 4, 2021
CVE-2021-31783
7.5

This vulnerability allows attackers to perform Local File Inclusion (LFI) attacks in Piwigo's LocalFilesEditor extension. By manipulating the 'file' p...

Apr 26, 2021
CVE-2023-21441
7.4

This vulnerability allows a local attacker to bypass file protection mechanisms in Samsung Android devices by exploiting insufficient verification of ...

Feb 9, 2023
CVE-2021-1403
7.4

This vulnerability allows unauthenticated remote attackers to conduct cross-site WebSocket hijacking attacks against Cisco IOS XE devices with web UI ...

Mar 24, 2021
CVE-2023-6236
7.3

This vulnerability allows authentication bypass in Red Hat Enterprise Application Platform 8 when using OIDC with multi-tenant applications. An attack...

Apr 10, 2024
CVE-2023-43800
7.3

This vulnerability allows local attackers or those who can bypass CORS restrictions to escalate privileges to the level of the Arduino Create Agent se...

Oct 18, 2023
CVE-2025-9379
7.2

The Belkin AX1800 router firmware update handler has insufficient verification of data authenticity, allowing attackers to remotely deliver malicious ...

Aug 24, 2025
CVE-2023-5747
7.2

This vulnerability allows remote attackers to execute arbitrary code on HanwhaVision camera devices during Wave server installation via command inject...

Nov 13, 2023
CVE-2023-31502
7.2

Altenergy Power Control Software C1.2.5 contains a remote code execution vulnerability in the /models/management_model.php component due to insufficie...

May 11, 2023
CVE-2022-30272
7.2

CVE-2022-30272 allows attackers to upload malicious firmware to Motorola ACE1000 RTUs due to lack of cryptographic authentication. This affects organi...

Jul 26, 2022
CVE-2025-24807
7.1

This vulnerability in eprosima Fast DDS allows expired Permissions Certificate Authorities (PermissionsCA) to be accepted as valid due to insufficient...

Feb 11, 2025
CVE-2023-47630
7.1

This vulnerability in Kyverno allows attackers who compromise image registries to control which image digests Kyverno users receive, potentially deliv...

Nov 14, 2023
CVE-2023-5366
7.1

This vulnerability in Open vSwitch allows ICMPv6 Neighbor Advertisement packets to bypass OpenFlow rules between virtual machines. A local attacker ca...

Oct 6, 2023
CVE-2023-36858
7.1

This vulnerability allows attackers to modify the configured server list in BIG-IP Edge Client for Windows and macOS, potentially redirecting client c...

Aug 2, 2023
CVE-2025-5833
6.8

This vulnerability allows physically present attackers to bypass authentication on Pioneer DMH-WT7600NEX in-car multimedia systems by exploiting insuf...

Jun 25, 2025
CVE-2024-40644
6.8

This vulnerability in gitoxide's gix-path component allows limited Windows users to escalate privileges by placing a malicious git.exe in a hard-coded...

Jul 18, 2024
CVE-2024-52548
6.7

This vulnerability allows attackers with command execution capabilities to bypass kernel code signing protections and execute arbitrary native code on...

Dec 3, 2024
CVE-2025-8980
6.6

This vulnerability in Tenda G1 routers allows attackers to upload malicious firmware due to insufficient authentication checks in the firmware update ...

Aug 14, 2025
CVE-2025-8979
6.6

This vulnerability in Tenda AC15 routers allows attackers to bypass firmware update authentication checks, potentially enabling malicious firmware ins...

Aug 14, 2025
CVE-2025-8978
6.6

This vulnerability in D-Link DIR-619L routers allows attackers to upload malicious firmware due to insufficient verification of firmware authenticity....

Aug 14, 2025
CVE-2023-28865
6.6

This vulnerability in Diebold Nixdorf Vynamic Security Suite allows physical attackers to bypass disk encryption by manipulating hard disk contents du...

Aug 8, 2024
CVE-2026-26007
6.5

This vulnerability in the Python cryptography package allows attackers to provide specially crafted public keys from small-order subgroups, bypassing ...

Feb 10, 2026
CVE-2025-0092
6.5

This Bluetooth vulnerability in Android allows attackers to bypass permission checks and access sensitive information when users interact with mislead...

Aug 26, 2025
CVE-2025-0149
6.5

This vulnerability in Zoom Workplace Apps allows unprivileged users to cause denial of service attacks by exploiting insufficient data authenticity ve...

Mar 11, 2025
CVE-2025-1944
6.5

CVE-2025-1944 is a ZIP archive manipulation vulnerability in picklescan versions before 0.0.23 that allows malicious PyTorch model files to bypass sec...

Mar 10, 2025
CVE-2025-0510
6.5

Thunderbird email client displays incorrect sender addresses when emails use invalid group name syntax in the From field. This allows attackers to spo...

Feb 4, 2025

About CWE-345

Our database tracks 118 CVEs classified as CWE-345, with 27 rated critical and 61 rated high severity. The average CVSS score for CWE-345 vulnerabilities is 7.8.

External reference: View CWE-345 on MITRE CWE →
