Explore CVEs

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser ...

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-...

Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org/apache/commons/compress/archivers/tar modules). This v...

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code e...

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying au...

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowi...

Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11....

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training proced...

### Impact Cross-model Relation authorization is broken and has a potential security vulnerability. If the controller does not have the root key to v...

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker...

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other...

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could al...

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not...

HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack o...

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ...

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted r...

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypass...

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path c...