Medium
CVSS: 5.3
Improper input validation in the CSRF filter results in unsanitized user input being written to the application logs.
Medium
CVSS: 5.3
Improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.
Medium
CVSS: 6.9
A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initia…
Medium
CVSS: 5.2
regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.
Medium
CVSS: 5.1
A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated…
Medium
CVSS: 5.4
A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated…
Medium
CVSS: 5.9
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Co…
High
CVSS: 8.6
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.
Critical
CVSS: 10.0
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input vali…
Medium
CVSS: 5.8
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16,…
High
CVSS: 7.8
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
High
CVSS: 7.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
Medium
CVSS: 5.5
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Medium
CVSS: 5.5
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
High
CVSS: 7.8
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
High
CVSS: 7.8
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
High
CVSS: 7.5
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Medium
CVSS: 6.9
A vulnerability was found in AquilaCMS 1.412.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v2/categories. The manipulation of the argument PostBody.populate leads to deserialization…
Medium
CVSS: 4.8
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w…
Low
CVSS: 2.6
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.