CVE Brief Security Intelligence

NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents

The Fortis for WooCommerce WordPress plugin before 1

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods

Sandbox escape in Firefox and Firefox Focus for Android

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6

HSC MailInspector v5

HSC MailInspector 5

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz

NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass

Use-after-free in the DOM: Bindings (WebIDL) component

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow

Funnel Builder for WooCommerce Checkout prior to 3

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow

A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7

libheif is a HEIF and AVIF file format decoder and encoder

Privilege escalation in the Security component

CtrlPanel is open-source billing software for hosting providers

Information disclosure, sandbox escape in the Security: Process Sandboxing component

An improper authentication vulnerability was discovered in the Motorola Factory Test component (com

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL

A flaw was found in Keycloak's URL validation logic during redirect operations

Mitigation bypass in the DOM: Security component

CtrlPanel is open-source billing software for hosting providers

Rsync version 3

In memcached before 1

In memcached before 1

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap

A flaw was found in Keycloak

A session fixation vulnerability was found in Keycloak's login-actions endpoints

Incorrect boundary conditions in the Audio/Video: Web Codecs component

Integer overflow in the Widget: Win32 component

Incorrect boundary conditions, integer overflow in the Audio/Video component

Spoofing issue in WebExtensions

Spoofing issue in the Web Speech component

Spoofing issue in the Popup Blocker component

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

HestiaCP versions 1

Terrascan v1

Terrascan v1

Terrascan v1

In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available

Kitty is a cross-platform GPU based terminal

Offline Hospital Management System 5

An issue was discovered in ModelScope 1

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request

A flaw was found in Keycloak

libheif is a HEIF and AVIF file format decoder and encoder

libheif is a HEIF and AVIF file format decoder and encoder