Search CVE reports

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length...

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference),...

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then...

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage...

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An...

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or...

Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.

Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.