Explore CVEs

### Impact Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on ...

### Impact The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without pr...

Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functiona...

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS data...

### Summary Invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers an...

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via C...

### Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker ...

## Impact **Vulnerability Type**: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitr...

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exi...

## Summary Certain inputs can cause `devalue.parse` to consume excessive CPU time and/or memory, potentially leading to denial of service in systems ...

## Summary Certain inputs can cause `devalue.parse` to consume excessive CPU time and/or memory, potentially leading to denial of service in systems ...

### Summary Users can crash the vLLM engine serving multimodal models that use the _Idefics3_ vision model implementation by sending a specially craft...

# Security Disclosure: SSRF via MetaIssuer Regex Bypass ## Summary Fulcio's `metaRegex()` function uses unanchored regex, allowing attackers to bypa...

### Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the `EnvoyExtensionPolicy` resource. Administrators...

The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initia...

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365,...

The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Mona...

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Grow...