CVE-2025-25257
Fortinet FortiWeb SQL Injection Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 9 critical vulnerabilities and 81 high-priority updates requiring immediate attention.
Fortinet FortiWeb SQL Injection Vulnerability - Active in CISA KEV catalog.
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CrushFTP Unprotected Alternate Channel Vulnerability - Active in CISA KEV catalog.
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new a...
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerabilit...
Azure OpenAI Elevation of Privilege Vulnerability
Azure Portal Elevation of Privilege Vulnerability
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the...
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to...
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversatio...
react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used th...
NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vuln...
Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability
The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request
Use after free in Extensions in Google Chrome prior to 139
Use after free in Cast in Google Chrome prior to 139
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user
The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'title' parameter in all versions up to, and including, 1
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request
Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune
EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access
The installer for SAN Host Utilities for Windows versions prior to 8
Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows Authentication Bypass
Binding authentication bypass vulnerability in the devicemanager module
Dell SupportAssist OS Recovery, versions prior to 5
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability
A Remote Code Execution (RCE) vulnerability in Grav CMS v1
Insecure Data Storage of credentials has been found in /api_vedo/configuration/config
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch
Information disclosure while accessing and modifying the PIB file of a remote device via powerline
Out-of-bounds write vulnerability in the skia module
CWE-639 Authorization Bypass Through User-Controlled Key
CWE-639 Authorization Bypass Through User-Controlled Key
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2
Path traversal vulnerability in the virtualization base module
Path traversal vulnerability in the virtualization file module
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability
An unrestricted file upload vulnerability in Vedo Suite version 2024
Race condition vulnerability in the virtualization base module
IBM Tivoli Monitoring 6
IBM Tivoli Monitoring 6
Vulnerability of improper processing of abnormal conditions in huge page separation
Memory corruption while submitting blob data to kernel space through IOCTL
Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently
Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously
Memory corruption when programming registers through virtual CDM
Memory corruption when using Virtual cdm (Camera Data Mover) to write registers
Memory corruption while processing commands from A2dp sink command queue
Memory corruption while handling client exceptions, allowing unauthorized channel access
Memory corruption while processing DDI call with invalid buffer
Memory corruption while processing an IOCTL command with an arbitrary address
Memory corruption while processing DDI command calls
Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host
Memory corruption while processing simultaneous requests via escape path
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability
Authentication management vulnerability in the ArkWeb module
Cross-site scripting (XSS) vulnerability in Zone Bitaqati through 3
Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network
Transient DOS while processing CCCH data when NW sends data with invalid length
Transient DOS while processing a frame with malformed shared-key descriptor
Transient DOS while processing an ANQP message
Transient DOS while creating NDP instance
CWE-204: Observable Response Discrepancy
Incorrect access control in Sage DPW v2024
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas
On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP
LinkJoin through 882f196 lacks type checking in password reset
LinkJoin through 882f196 mishandles token ownership in password reset
Status verification vulnerability in the lock screen module
EXTRA_REFERRER resource read vulnerability in the Gallery module
Memory corruption while processing specific files in Powerline Communication Firmware
OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1
poco v1
Cancelling a query (e