The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
- CVE-2024-25141 - When ssl was enabled for Mongo Hook, default settings included "allow_insecure", which caused certificates not to be validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.
  Published: February 20, 2024; 4:15:08 PM -0500
- CVE-2023-49034 - Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files.
  Published: February 20, 2024; 4:15:07 PM -0500
- CVE-2023-46967 - Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.
  Published: February 20, 2024; 4:15:07 PM -0500
- CVE-2024-25260 - elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
  Published: February 20, 2024; 1:15:52 PM -0500
- CVE-2023-47422 - An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
  Published: February 20, 2024; 5:15:08 PM -0500
- CVE-2023-49114 - A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-con...
  Published: February 26, 2024; 11:27:47 AM -0500
- CVE-2024-21501 - Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker cou...
  Published: February 24, 2024; 12:15:44 AM -0500
  V3.1: 5.3 MEDIUM
- CVE-2024-25469 - SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
  Published: February 23, 2024; 6:15:09 PM -0500
- CVE-2024-22988 - An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.
  Published: February 23, 2024; 6:15:09 PM -0500
- CVE-2024-25344 - Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remote attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defa...
  Published: February 26, 2024; 11:27:58 AM -0500
- CVE-2024-22873 - Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POS...
  Published: February 26, 2024; 11:27:56 AM -0500
- CVE-2024-22371 - Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X thro...
  Published: February 26, 2024; 11:27:56 AM -0500
  V3.1: 7.5 HIGH
- CVE-2023-50246 - jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
  Published: December 13, 2023; 4:15:08 PM -0500
  V3.1: 5.5 MEDIUM
- CVE-2021-45985 - In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
  Published: April 10, 2023; 5:15:07 AM -0400
  V3.1: 7.5 HIGH
- CVE-2025-22035 - In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. T...
  Published: April 16, 2025; 11:15:56 AM -0400
- CVE-2025-22040 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the c...
  Published: April 16, 2025; 11:15:56 AM -0400
- CVE-2025-22041 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the co...
  Published: April 16, 2025; 11:15:56 AM -0400
- CVE-2025-22085 - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ...
  Published: April 16, 2025; 11:16:02 AM -0400
- CVE-2025-22088 - In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF...
  Published: April 16, 2025; 11:16:03 AM -0400
- CVE-2025-22097 - In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config poi...
  Published: April 16, 2025; 11:16:04 AM -0400