CVE Brief Security Intelligence

Type confusion in V8 in Google Chrome prior to 140

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Dawn in Google Chrome prior to 140

Use after free in WebRTC in Google Chrome prior to 140

Heap buffer overflow in ANGLE in Google Chrome prior to 140

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec

Integer overflow in V8 in Google Chrome prior to 140

Integer overflow in V8 in Google Chrome prior to 140

A flaw has been found in Magnetism Studios Endurance up to 3

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials

A vulnerability was determined in Topaz SERVCore Teller 2

A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9

Rack is a modular Ruby web server interface

Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3

A vulnerability in Apache IoTDB

Dell BSAFE Micro Edition Suite, versions prior to 5

A vulnerability has been found in MikroTik RouterOS 7

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network

Memory corruption due to global buffer overflow when a test command uses an invalid payload type

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd

Datart 1

A vulnerability was identified in H3C Magic B3 up to 100R002

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2

Path Traversal: 'dir/

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set

Flag Forge is a Capture The Flag (CTF) platform

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake

Memory corruption while performing private key encryption in trusted application

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers

Memory corruption while processing message in guest VM

Memory corruption while processing data sent by FE driver

Memory corruption while handling repeated memory unmap requests from guest VM

Memory corruption due to double free when multiple threads race to set the timestamp store

Memory corruption while encoding the image data

Memory corruption while handling invalid inputs in application info setup

iMonitor EAM 9

Improper authorization in the background migration endpoints of Langfuse 3

Transient DOS while parsing the EPTM test control message to get the test pattern

Transient DOS while handling command data during power control processing

Transient DOS while processing power control requests with invalid antenna or stream values

Horilla is a free and open source Human Resource Management System (HRMS)

mpregular is a package that provides a small program development framework based on RegularJS

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5

Flag Forge is a Capture The Flag (CTF) platform

A prototype pollution in the lib

A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743

A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273

Horilla is a free and open source Human Resource Management System (HRMS)

Cryptographic issue while performing RSA PKCS padding decoding

Datart 1