📦 Bootstrap OS

by NetApp

⚠️ Known Vulnerabilities

CVE-2025-24813

CRITICAL CVSS 9.8 Mar 10, 2025

This vulnerability in Apache Tomcat allows path traversal attacks via internal dot handling in filenames, potentially leading to remote code execution, information disclosure, or file corruption. It a...

CVE-2025-0665

CRITICAL CVSS 9.8 Feb 5, 2025

libcurl incorrectly closes the same eventfd file descriptor twice during threaded name resolution cleanup, causing a use-after-free condition. This vulnerability affects applications using libcurl wit...

CVE-2024-56337

CRITICAL CVSS 9.8 Dec 20, 2024

A Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Apache Tomcat allows attackers to bypass security checks and write malicious files to case-insensitive file systems. This affects T...

CVE-2024-50379

CRITICAL CVSS 9.8 Dec 17, 2024

A Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Apache Tomcat's JSP compilation allows attackers to achieve Remote Code Execution (RCE) on case-insensitive file systems when the d...

CVE-2022-32207

CRITICAL CVSS 9.8 Jul 7, 2022

CVE-2022-32207 is a privilege escalation vulnerability in curl versions before 7.84.0 where file permission widening occurs during atomic file operations. When curl saves cookies, alt-svc, or hsts dat...

CVE-2024-32487

HIGH CVSS 8.6 Apr 13, 2024

CVE-2024-32487 is a command injection vulnerability in the 'less' pager utility that allows attackers to execute arbitrary OS commands via specially crafted filenames containing newline characters. Th...

CVE-2023-29483

HIGH CVSS 7.0 Apr 11, 2024

This vulnerability allows remote attackers to interfere with DNS name resolution by sending invalid packets from expected IP addresses and source ports, disrupting DNS queries. It affects systems usin...

CVE-2024-2398

HIGH CVSS 8.6 Mar 27, 2024

CVE-2024-2398 is a memory leak vulnerability in libcurl that occurs when HTTP/2 server push headers exceed the 1000-header limit. This allows attackers to cause denial of service through resource exha...

CVE-2023-4911

HIGH CVSS 7.8 Oct 3, 2023

CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. By crafting malicious GLIBC_TUNABLES environment va...

CVE-2022-21476

HIGH CVSS 7.5 Apr 19, 2022

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated remote attackers to access sensitive data from Java applications. It affects Java deployments running sandbox...

CVE-2022-23308

HIGH CVSS 7.5 Feb 26, 2022

CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or cause denial of service. It affects applications that ...

CVE-2025-29768

MEDIUM CVSS 4.4 Mar 13, 2025

Vim versions before 9.1.1198 contain a vulnerability in zip.vim that could cause data loss when users view specially crafted zip files and press 'x' on unusual filenames. This affects users who open z...

CVE-2025-22134

MEDIUM CVSS 4.2 Jan 13, 2025

CVE-2025-22134 is a heap-buffer overflow vulnerability in Vim that occurs when switching buffers using the :all command while visual mode is active. This allows attackers to potentially execute arbitr...

CVE-2024-9823

MEDIUM CVSS 5.3 Oct 14, 2024

This vulnerability in Jetty's DosFilter allows unauthenticated attackers to send crafted requests that trigger OutOfMemory errors, leading to denial-of-service conditions. It affects servers using Jet...

CVE-2024-43374

MEDIUM CVSS 4.5 Aug 16, 2024

CVE-2024-43374 is a use-after-free vulnerability in Vim's argument list handling that can cause the editor to crash. It affects users running Vim versions prior to 9.1.0678 who manually create unusual...

CVE-2024-26306

MEDIUM CVSS 5.9 May 14, 2024

This vulnerability in iPerf3 allows attackers to exploit a timing side channel in RSA decryption operations when using OpenSSL with RSA authentication. Attackers could potentially recover credential p...