Medium
CVSS: 6.9
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repe…
High
CVSS: 7.7
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion…
Medium
CVSS: 5.8
Mattermost versions 11.3.x
Medium
CVSS: 4.3
Mattermost versions 11.3.x
High
CVSS: 7.4
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly.
This…
High
CVSS: 8.8
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
High
CVSS: 7.0
Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVSS: 8.8
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8…
Medium
CVSS: 4.3
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but…
High
CVSS: 7.5
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected…
Critical
CVSS: 9.3
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Medium
CVSS: 5.3
Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls…
Medium
CVSS: 6.5
Mattermost versions 11.0.x
Low
CVSS: 3.0
Mattermost versions 10.11.x
Medium
CVSS: 6.5
An unauthorised attacker within Bluetooth range may exploit improper validation during the BLE connection request to deadlock the affected devices.
Medium
CVSS: 4.3
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
Medium
CVSS: 6.5
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User int…
Medium
CVSS: 6.5
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
Critical
CVSS: 9.1
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special cha…
High
CVSS: 7.5
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.