CWE-670: CWE-670

This vulnerability in AMD's CPM OEM SMM (System Management Mode) firmware allows a privileged attacker to manipulate control flow and tamper with SMM ...

A heap buffer overflow vulnerability in ngtcp2's qlog functionality allows attackers to potentially execute arbitrary code or crash applications when ...

CVE-2022-29255 is a vulnerability in Vyper smart contract language where external contract calls without return values could cause the contract addres...

This Linux kernel vulnerability allows local attackers to bypass SELinux W^X (Write XOR Execute) memory protection policies by using the remap_file_pa...

This vulnerability in soroban-sdk allows attackers to bypass security checks in Soroban smart contracts when trait and inherent functions share the sa...

The Vyper compiler fails to check success flags when using EcRecover and Identity precompiles, allowing attackers to deliberately cause these calls to...

Envoy proxy versions before 1.32.3, 1.31.5, 1.30.9, and 1.29.12 contain a null pointer dereference vulnerability when the http1_server_abort_dispatch ...

Envoy proxy versions using the default oghttp2 HTTP/2 codec contain stream management bugs that can cause crashes. This affects all Envoy 1.31 deploym...

This vulnerability in Quinn's QUIC implementation allows attackers to cause server panics by exploiting improper connection validation. Servers using ...

Parse Server deployments using the beforeFind Cloud Code trigger as a security layer are vulnerable to query manipulation bypass. This allows attacker...

The Vyper compiler generates incorrect bytecode for contracts using raw_call with revert_on_failure=False and max_outsize=0, causing unpredictable boo...

This vulnerability in Stargate-Bukkit Minecraft mod allows minecarts with chests to duplicate items when teleporting through portals, breaking game ec...

UltraJSON versions before 5.4.0 improperly decode JSON strings containing escaped surrogate characters, potentially corrupting data and allowing dicti...

This vulnerability in F5 BIG-IP Advanced WAF, ASM, and APM allows remote attackers to cause denial of service by terminating the bd process. It affect...

This vulnerability in Envoy proxy causes a segmentation fault when internal redirects select routes configured with direct response or redirect action...

This vulnerability in Microchip MiWi software allows attackers to manipulate frame counters before message authentication, potentially causing denial ...

This vulnerability in SSH Tectia Server allows attackers to intercept and manipulate SSH session traffic between clients and servers. It affects all u...

A Linux kernel vulnerability in the USB subsystem allows an infinite loop condition when processing BOS descriptors. This can lead to denial of servic...

HCL Traveler for Microsoft Outlook (HTMO) contains a control flow vulnerability where the application fails to properly manage execution flow, potenti...

This vulnerability in Cairo-Contracts for Starknet allows unauthorized ownership transfer after an owner renounces ownership. A pending owner can gain...

Wiki.js versions 2.5.303 and earlier contain an authentication bypass vulnerability where disabled users can regain access by using the password reset...

This vulnerability in http-proxy-middleware allows writeBody to be called twice due to a missing 'else if' statement, potentially causing unexpected b...