CWE-668: CWE-668

CVE-2022-24975 (GitBleed) is a documentation issue where Git's --mirror clone option documentation doesn't mention that deleted content remains access...

This vulnerability allows attackers to access metadata of private files in Drupal by guessing file IDs, potentially exposing sensitive information. It...

CVE-2021-39971 is an external control vulnerability in HarmonyOS password vault that allows attackers to manipulate system settings. This could lead t...

CVE-2020-20948 is an arbitrary file download vulnerability in JEECG v3.8 that allows attackers to access sensitive server files by manipulating the 'l...

This vulnerability in Windows Encrypting File System (EFS) allows authenticated attackers to upload arbitrary files to privileged locations via EFSRPC...

This vulnerability allows unauthenticated remote attackers to subscribe to arbitrary message broker queues in Siemens SiPass and Siveillance Identity ...

This vulnerability in Jfinal CMS 5.1.0 allows attackers to bypass access controls and access sensitive configuration files containing database credent...

CVE-2020-18754 is an information disclosure vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100 that allows unauthorized access to sen...

This vulnerability in Akkadian Provisioning Manager allows attackers to access sensitive information stored in the /pme subdirectories without authent...

CVE-2020-18646 is an information disclosure vulnerability in NoneCMS v1.3 that allows remote attackers to access sensitive information through the /pu...

This vulnerability involves broken firmware encryption in Hanwha Vision DVR/NVR devices, allowing attackers to decrypt firmware and potentially extrac...

This vulnerability allows attackers to escape from AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications to execute OS commands v...

CVE-2023-3670 is a local privilege escalation vulnerability in CODESYS Development System and CODESYS Scripting where insecure directory permissions a...

This vulnerability in Listary allows attackers to create a malicious named pipe that Listary automatically accesses when a privileged user opens a ses...

This vulnerability in certain Intel processors with Intel ACTM (Advanced Control Transfer Mitigation) allows a privileged user to access resources the...

SENEC Storage Box V1, V2, and V3 devices expose a management interface with publicly known default admin credentials, allowing unauthorized access. Th...

A race condition vulnerability in the Linux kernel's Intel ISH HID driver causes a kernel panic when dereferencing a NULL pointer during device warm r...

This Linux kernel vulnerability allows interrupt handlers to corrupt stack pointers during context switching, potentially leading to kernel panics and...

A vulnerability in the Imagination GPU driver for Linux kernels allows a local attacker to cause a kernel crash (denial of service) by triggering a GP...

A use-after-free vulnerability in the Linux kernel's MAX9286 I2C camera bridge driver causes a kernel oops (crash) when removing the module. This affe...

This CVE addresses a Linux kernel stack depot exhaustion vulnerability on s390 architecture systems. When PREEMPT and KASAN are enabled, missing IRQ e...

A vulnerability in the Linux kernel's ath12k WiFi driver incorrectly maps DMA direction for reassembled fragmented packets, potentially allowing infor...

A vulnerability in the Linux kernel's VMCI driver allows local attackers to potentially leak sensitive information through speculative execution. The ...

This CVE allows information leakage across Linux network namespaces. When a packet socket is created without binding to a device in one namespace, use...

This vulnerability in the Linux kernel's Bluetooth Qualcomm Atheros (qca) driver allows information disclosure when fetching board ID. An attacker cou...

CVE-2022-47338 is a missing permission check vulnerability in telecom services that allows local attackers to cause denial of service. This affects de...

An unauthenticated remote attacker can exploit Skill Scanner's API Server to cause denial of service through resource exhaustion or upload arbitrary f...

An unauthenticated network attacker can crash the msvcsd process on Juniper Junos OS Evolved devices configured with inline jflow, causing temporary d...

This vulnerability exposes an SSH interface on Schneider Electric products' network interfaces, allowing attackers to discover and potentially target ...

This CVE describes an information leak vulnerability in the Linux kernel's ipack ipoctal driver. The driver allocates tty device names on the stack, w...

The WebAssembly Micro Runtime's iwasm package in versions 2.4.0 and below incorrectly handles IPv4 addresses without subnet masks in the --addr-pool p...

This CVE describes a local privilege escalation vulnerability in VB-Audio Matrix and Matrix Coconut virtual audio drivers. An unprivileged local attac...