The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-33600 - nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in ...
  Published: May 06, 2024; 4:15:11 PM -0400
- CVE-2024-33601 - nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a ...
  Published: May 06, 2024; 4:15:11 PM -0400
- CVE-2024-33602 - nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2....
  Published: May 06, 2024; 4:15:11 PM -0400
- CVE-2024-34397 - An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer c...
  Published: May 07, 2024; 2:15:08 PM -0400
- CVE-2024-26517 - SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.
  Published: May 14, 2024; 11:09:08 AM -0400
- CVE-2024-34196 - Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a sta...
  Published: May 14, 2024; 11:38:32 AM -0400
- CVE-2025-28132 - A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where s...
  Published: April 01, 2025; 1:15:46 PM -0400
- CVE-2024-37917 - Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
  Published: April 02, 2025; 5:15:30 PM -0400
- CVE-2025-30080 - Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
  Published: April 02, 2025; 5:15:33 PM -0400
- CVE-2025-29477 - An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.
  Published: April 04, 2025; 2:15:48 PM -0400
- CVE-2025-32028 - HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file type...
  Published: April 08, 2025; 12:15:28 PM -0400
- CVE-2025-29720 - Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.
  Published: April 14, 2025; 1:15:26 PM -0400
- CVE-2025-2830 - By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attac...
  Published: April 15, 2025; 11:16:08 AM -0400
- CVE-2025-3522 - Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user cli...
  Published: April 15, 2025; 11:16:09 AM -0400
- CVE-2025-3739 - Vulnerability in Drupal Drupal 8 Google Optimize Hide Page. This issue affects Drupal 8 Google Optimize Hide Page: *.*.
  Published: April 16, 2025; 1:15:50 PM -0400
- CVE-2025-32789 - EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password c...
  Published: April 16, 2025; 6:15:14 PM -0400
  V3.1: 3.7 LOW
- CVE-2024-41200 - A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
  Published: August 05, 2024; 1:15:41 PM -0400
- CVE-2024-38808 - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an...
  Published: August 20, 2024; 4:15:05 AM -0400
- CVE-2024-21140 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 2...
  Published: July 16, 2024; 7:15:15 PM -0400
- CVE-2025-2561 - The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...
  Published: May 19, 2025; 2:15:19 AM -0400