CVE Alert: CVE-2025-43964
Vulnerability Summary: CVE-2025-43964 In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and...
Vulnerabilities
CVE Alert: CVE-2025-43973
Vulnerability Summary: CVE-2025-43973 An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds...
CVE Alert: CVE-2025-43963
Vulnerability Summary: CVE-2025-43963 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not...
CVE Alert: CVE-2025-43972
Vulnerability Summary: CVE-2025-43972 An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go...
CVE Alert: CVE-2025-43962
Vulnerability Summary: CVE-2025-43962 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large...
CVE Alert: CVE-2025-43970
Vulnerability Summary: CVE-2025-43970 An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g.,...
CVE Alert: CVE-2024-41446
Vulnerability Summary: CVE-2024-41446 A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts...
CVE Alert: CVE-2025-32408
Vulnerability Summary: CVE-2025-32408 In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled. Affected Endpoints: No...
CVE Alert: CVE-2025-43971
Vulnerability Summary: CVE-2025-43971 An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a...
CVE Alert: CVE-2025-43916
Vulnerability Summary: CVE-2025-43916 Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the...
CVE Alert: CVE-2024-42699
Vulnerability Summary: CVE-2024-42699 Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject...
CVE Alert: CVE-2025-28121
Vulnerability Summary: CVE-2025-28121 code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the...
CVE Alert: CVE-2025-29659
Vulnerability Summary: CVE-2025-29659 Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the...
CVE Alert: CVE-2025-29287
Vulnerability Summary: CVE-2025-29287 An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary...
CVE Alert: CVE-2025-29660
Vulnerability Summary: CVE-2025-29660 A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP...
CVE Alert: CVE-2025-28367
Vulnerability Summary: CVE-2025-28367 mojoPortal
CVE Alert: CVE-2025-32793
Vulnerability Summary: CVE-2025-32793 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0...
CVE Alert: CVE-2025-3857
Vulnerability Summary: CVE-2025-3857 When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number...
CVE Alert: CVE-2025-28102
Vulnerability Summary: CVE-2025-28102 A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML...
CVE Alert: CVE-2025-43922
Vulnerability Summary: CVE-2025-43922 The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate...
CVE Alert: CVE-2025-3841
Vulnerability Summary: CVE-2025-3841 A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects...
CVE Alert: CVE-2025-32958
Vulnerability Summary: CVE-2025-32958 Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses...
CVE Alert: CVE-2025-23174
Vulnerability Summary: CVE-2025-23174 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Affected Endpoints: No affected endpoints listed. Published Date:...
CVE Alert: CVE-2025-3842
Vulnerability Summary: CVE-2025-3842 A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function...
