Explore CVEs

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...

## Impact There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenti...

## Summary A flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted servi...

### Summary The `ImportIam` admin API validates permissions using **`ExportIAMAction`** instead of **`ImportIAMAction`**, allowing a principal with *...

### Impact Non-string types are converted into string types, leading to type errors in %d conversions. ### Patches The problem has been patched in ve...

### Summary A critical authorization boundary bypass in namespaced Kyverno Policy [apiCall](https://kyverno.io/docs/policy-types/cluster-policy/exter...

### Summary A security vulnerability exists in `@fastify/express` where middleware registered with a specific path prefix can be bypassed using URL-en...

### Impact The `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br)....

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename p...

Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deploymen...

### Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. ### Summar...

## Security Advisory: Open Redirect in Directus SAML Authentication ### Summary An open redirect vulnerability exists in the Directus SAML authentic...

### Summary A security vulnerability exists in `@fastify/middie` where middleware registered with a specific path prefix can be bypassed using URL-enc...

React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route `action` handlers in [Fra...

React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in [Framework Mode](https://reactrouter.com/start/mod...

## Impact **Vulnerability Type:** HTML Injection via JSON Type Confusion **Affected Versions:** Preact 10.26.5 through 10.28.1 **Severity:** Low to...

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications...

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications...