CVE Brief Security Intelligence

A high-severity vulnerability exists in Ghidra versions prior to 12.0, potentially impacting the security of the database management component.

Google Chrome contains an inappropriate implementation in the V8 JavaScript engine that allows remote code execution via a crafted HTML page.

An out-of-bounds memory access vulnerability exists in the ANGLE graphics engine of Google Chrome, potentially allowing remote memory corruption.

Insufficient input validation in the Reading List feature of Google Chrome on iOS allows for privilege escalation via malicious UI gestures.

A high-severity security flaw has been discovered in Undertow, a flexible performant web server used in many Java-based applications.

A path traversal vulnerability in the SimpleSAMLphp-casserver allows attackers to read and potentially execute arbitrary code via malicious file-based ticket manipulation.

The Xstore WordPress theme is vulnerable to an unauthenticated SQL injection via an AJAX action due to improper input sanitization.

Roxy-WI versions 8.2.6.4 and prior contain an authentication bypass vulnerability triggered by specific URL patterns, potentially allowing unauthenticated access to the API.

A critical authorization flaw in Roxy-WI allows authenticated users to execute unauthorized systemd operations, leading to potential privilege escalation.

The Anti-Spam by CleanTalk plugin for WordPress contains an undisclosed vulnerability with a CVSS score of 8.8.

Pi-hole FTL, the core engine of the Pi-hole network blocker, is affected by a high-severity vulnerability.

Ghidra 11 is affected by a high-severity vulnerability related to superuser privilege handling.

Jenkins 2 is subject to a high-severity vulnerability involving the deserialization of arbitrary data.

A remote code execution vulnerability in Splunk products arises from unsafe deserialization of data, allowing low-privileged users to execute arbitrary code.

Fission, a Kubernetes-native serverless framework, contains a vulnerability that requires immediate attention from users of the platform.

Dulwich contains an arbitrary file write vulnerability via NTFS-hostile tree entries, enabling remote code execution when checking out malicious Git repositories.

A use-after-free vulnerability in the NVIDIA Display Driver for Linux may allow a local attacker to cause a system crash or potentially execute arbitrary code.

A slab-use-after-free vulnerability exists in the Linux kernel's mac80211 subsystem during radar detection work.

A flaw in the AMD Zen2 op cache management allows for improper resource sharing, which may lead to instruction corruption.

An integer overflow in the Linux kernel's batman-adv component can lead to out-of-bounds memory access.

A use-after-free vulnerability exists in the Linux kernel's batman-adv module during the deletion of backbone claims.

The Linux kernel's batman-adv module is vulnerable to an issue involving the incorrect caching of unowned originator pointers in BAT IV.

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows for directory traversal and potential arbitrary file manipulation.

A vulnerability in the OpenShift Route resource allows low-privileged users to inject malicious HAProxy configurations, potentially leading to cross-tenant traffic hijacking.

HCL Digital Experience is affected by an OS command injection vulnerability within its Digital Asset Management API.

Ghidra versions prior to 12 are affected by a security vulnerability requiring immediate attention.

Ghidra versions prior to 12 are affected by a security vulnerability requiring immediate attention.

A command injection vulnerability in dracut's legacy DHCP path allows remote attackers on an adjacent network to execute code as root within the initramfs.

TechSmith Snagit 19 is affected by a security vulnerability that has been subject to late disclosure.

Flowise versions prior to 3.1.2 lack authentication middleware on CRUD endpoints for OpenAI Assistants Vector Store, enabling unauthorized data modification.

A stored cross-site scripting (XSS) vulnerability in Vinna Process Monitor allows authenticated attackers to inject malicious scripts, potentially compromising session credentials.

A technical flaw in the Undertow web server component could allow for remote exploitation, potentially impacting application stability and security.

A request smuggling vulnerability in Red Hat Undertow allows attackers to bypass authentication and access restricted information by exploiting inconsistent HTTP header processing.

Adobe Dreamweaver contains a vulnerability in a third-party component that could allow arbitrary code execution if a user opens a malicious file.

A Server-Side Request Forgery (SSRF) vulnerability in the Fedify TypeScript library allows attackers to bypass IP validation and interact with internal or restricted network resources.

Spring WS is vulnerable to Server-Side Request Forgery (SSRF) when processing WS-Addressing headers, allowing attackers to force outbound connections to arbitrary destinations.

A denial-of-service vulnerability in the Linux kernel ibmveth driver on IBM Power systems can cause network traffic to halt due to improper GSO handling.