CVE-2024-25141 - When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.
Published: February 20, 2024; 4:15:08 PM -0500

CVE-2023-49034 - Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files.
Published: February 20, 2024; 4:15:07 PM -0500

CVE-2023-46967 - Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.
Published: February 20, 2024; 4:15:07 PM -0500

CVE-2024-25260 - elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
Published: February 20, 2024; 1:15:52 PM -0500

CVE-2023-47422 - An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
Published: February 20, 2024; 5:15:08 PM -0500

CVE-2023-49114 - A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-con... read CVE-2023-49114
Published: February 26, 2024; 11:27:47 AM -0500

CVE-2024-21501 - Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker cou... read CVE-2024-21501
Published: February 24, 2024; 12:15:44 AM -0500

V3.1: 5.3 MEDIUM

CVE-2024-25469 - SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
Published: February 23, 2024; 6:15:09 PM -0500

CVE-2024-22988 - An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.
Published: February 23, 2024; 6:15:09 PM -0500

CVE-2024-25344 - Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defa... read CVE-2024-25344
Published: February 26, 2024; 11:27:58 AM -0500

CVE-2024-22873 - Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POS... read CVE-2024-22873
Published: February 26, 2024; 11:27:56 AM -0500

CVE-2024-22371 - Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X thro... read CVE-2024-22371
Published: February 26, 2024; 11:27:56 AM -0500

V3.1: 7.5 HIGH

CVE-2023-50246 - jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
Published: December 13, 2023; 4:15:08 PM -0500

V3.1: 5.5 MEDIUM

CVE-2021-45985 - In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Published: April 10, 2023; 5:15:07 AM -0400

V3.1: 7.5 HIGH

CVE-2025-22035 - In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. T... read CVE-2025-22035
Published: April 16, 2025; 11:15:56 AM -0400

CVE-2025-22040 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the c... read CVE-2025-22040
Published: April 16, 2025; 11:15:56 AM -0400

CVE-2025-22041 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the co... read CVE-2025-22041
Published: April 16, 2025; 11:15:56 AM -0400

CVE-2025-22085 - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: =====================================================... read CVE-2025-22085
Published: April 16, 2025; 11:16:02 AM -0400

CVE-2025-22088 - In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF... read CVE-2025-22088
Published: April 16, 2025; 11:16:03 AM -0400

CVE-2025-22097 - In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config poi... read CVE-2025-22097
Published: April 16, 2025; 11:16:04 AM -0400