CVE Catalog

An integer overflow vulnerability has been identified in the libyuv library used by Google Chrome. This issue affects versions of Chrome prior to 149.0.7827.103. The vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the Compositing component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by crafting a malicious HTML page.

A use-after-free vulnerability has been identified in the printing component of Google Chrome, prior to version 149.0.7827.103. This vulnerability could allow a remote attacker to perform a sandbox escape by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the Views component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by crafting a malicious HTML page.

A use-after-free vulnerability has been identified in the Autofill feature of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker to exploit heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page.

A use-after-free vulnerability has been identified in the Bluetooth component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Gamepad component of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker to perform a sandbox escape by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the Bluetooth component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by exploiting a malicious peripheral.

A use-after-free vulnerability has been identified in the TabStrip component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by convincing users to perform specific UI gestures while interacting with a crafted HTML page.

A use-after-free vulnerability has been identified in the Aura component of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker who has compromised the renderer process to perform a sandbox escape by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the File Input component of Google Chrome. This issue, present in versions prior to 149.0.7827.103, could allow a remote attacker to exploit heap corruption by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Ozone component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to potentially exploit heap corruption by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Ozone component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows a local attacker with physical access to the device to potentially exploit heap corruption.

A stack buffer overflow vulnerability has been identified in the Python bz2 module. This issue arises because BZ2Decompressor objects can be reused after a decompression error. If an application catches the resulting OSError and retries with the same decompressor, crafted input may cause the decompressor to resume from an invalid internal state, leading to out-of-bounds writes to a stack buffer. Consequently, this could crash the process when handling untrusted data.

A DOM-based cross-site scripting (XSS) vulnerability has been identified in the Fides privacy engineering platform, specifically in versions 2.33.0 prior to 2.84.5. The issue arises in the fides.js file, where client-controlled description overrides can bypass server-side sanitization when HTML-formatted descriptions are enabled. This vulnerability allows any visitor to execute arbitrary JavaScript in the context of the embedding site's origin, with potential persistence across subdomains via a crafted cookie.

A race condition vulnerability has been identified in OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1. This vulnerability allows remote attackers to potentially cause a server crash or leak heap memory by exploiting a use-after-free condition during the promotion of TLS sessions.

A SQL injection vulnerability has been identified in CodeAstro Student Attendance Management System version 1.0. The issue resides in the file '/attendance-php/Admin/createClassArms.php', where the 'classId' parameter is manipulated to inject malicious SQL queries. This vulnerability can be exploited remotely, allowing attackers to gain unauthorized access to the database, leak sensitive information, tamper with data, and potentially disrupt services.

An authorization bypass vulnerability has been identified in WACRM versions prior to commit 73041bf. This vulnerability allows authenticated attackers to access and modify contacts belonging to other tenants. Exploitation involves supplying a caller-controlled contact_id in the POST request body, bypassing tenant ownership verification. The vulnerability arises from the use of a service-role client that ignores row-level security, enabling attackers to alter contact fields such as name, email, and company across tenant boundaries, using only a known contact UUID.

A vulnerability exists in TYPO3 HTML Sanitizer versions prior to 2.3.2, where namespace attributes are not properly encoded during HTML serialization. This flaw allows for bypassing the cross-site scripting (XSS) prevention mechanism of the sanitizer.

A vulnerability in TYPO3 Html-Sanitizer prior to version 2.3.2 allows for a cross-site scripting (XSS) bypass. When the ALLOW_INSECURE_RAW_TEXT option is enabled, the sanitizer fails to recognize whitespace-variant closing tags, such as '</style >', as invalid. Browsers accept these tags as legitimate, which can lead to content escaping the intended sanitization. This flaw allows for the evasion of XSS prevention mechanisms within the affected version of the sanitizer.

A path traversal vulnerability allowing authorization bypass has been identified in Headplane, a Web UI for Headscale. This issue affects versions through 0.6.2 and 0.7.0-beta.2. The vulnerability arises in the Headscale API client during node and user rename operations. It allows an authenticated user to manipulate API requests and access resources they are not authorized to manage, such as expiring or renaming nodes and users. This disruption can interfere with Tailnet connectivity and administrative processes.

A remote code execution vulnerability has been identified in Nginx Proxy Manager versions 2.9.14 prior to 2.15.1. This vulnerability arises from improper handling of user-supplied data in the setupCertbotPlugins() function of backend/setup.js. Attackers with the 'certificates:manage' permission can exploit this issue by injecting malicious commands into the 'dns_provider_credentials' field. The injected commands are executed without proper sanitization or escaping, leading to arbitrary command execution on the server when the backend is restarted.

A denial-of-service vulnerability has been identified in OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1. The issue arises from improper validation of packet length during the tls-crypt-v2 key extraction process, allowing authenticated attackers to trigger a fatal assertion and cause a crash by sending a specially crafted packet.

A SQL injection vulnerability has been identified in CodeAstro Student Attendance Management System version 1.0. The issue resides in the file '/attendance-php/Admin/createClass.php?action=edit', where the 'Id' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.

A SQL injection vulnerability has been identified in CodeAstro Student Attendance Management System version 1.0. The issue resides in the file '/attendance-php/Admin/createClass.php', where the 'className' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.

A SQL injection vulnerability has been identified in CodeAstro Student Attendance Management System version 1.0. The issue arises in the file '/attendance-php/index.php', where the 'username' parameter is not properly validated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.

A vulnerability allowing remote code execution and denial-of-service has been identified in YesWiki versions prior to 4.6.6. The issue resides in the Bazar form field calculator, specifically within the 'CalcField.php' file. The vulnerability arises because the application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression. This sanitized input is then passed to the PHP eval() function, creating a high-risk scenario. The regular expression can be exploited to cause a stack overflow, crashing the server, and if the regex validation is bypassed, it allows arbitrary PHP code execution via eval().

A vulnerability in the samlify library prior to version 2.13.0 allows for XML injection in SAML assertions. The issue arises because the library's template substitution process only escapes attribute contexts, leaving element text values, such as those in <saml:AttributeValue> elements, vulnerable to injection. A normal user can exploit this by injecting XML markup into attribute values and adding new <saml:Attribute> elements into signed assertions. The Identity Provider (IdP) signs the modified assertion, which is then accepted by the Service Provider (SP) as trusted. This injection of attributes can lead to privilege escalation when the injected attributes are used for authorization purposes, such as roles or groups.

A path traversal vulnerability has been identified in MVT (Mobile Verification Toolkit) versions through 2026.4.28, specifically in the iOS Backup processing module. The vulnerability arises from unsanitized file identifiers used in the Manifest.db SQLite database of iOS backups, which are directly applied in filesystem path construction. This flaw affects the 'decrypt-backup' and 'check-backup' commands, allowing for unauthorized file read and write operations outside the intended backup directory.

A SQL injection vulnerability has been identified in CodeAstro Payroll System version 1.0. The issue resides in the file '/PayrollSy-PHP/view_account.php', where the 'id' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.

A SQL injection vulnerability has been identified in CodeAstro Payroll System version 1.0. The issue arises in the '/PayrollSy-PHP/home_salary.php' file, where the 'salary_rate' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential disruption of services.

A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in the web management interface of firmware versions 1.0.0.7 and 1.0.0.9. The vulnerability arises in the 'fromNatlimit' function within the '/goform/Natlimit' endpoint. An attacker can exploit this issue by sending an overly long string in the 'page' parameter, leading to a buffer overflow. This vulnerability can be exploited remotely, with potential consequences including a denial-of-service condition or remote code execution.

A code injection vulnerability has been identified in the AWS AgentCore CLI, specifically in versions 0.4.0 through 0.14.1 and certain preview versions. The issue arises from improper handling of triple-quote characters during Python code generation, which could allow an authenticated user to execute arbitrary code on their local environment or within the AWS AgentCore Runtime. This vulnerability is exploited by crafting a collaborationInstruction value that, when processed by the CLI, injects code into the main.py file of an imported agent. The injected code is executed with the permissions of the agent's IAM role or the developer's local AWS credentials, depending on the context.

A vulnerability exists in the Devolutions Server deleted user groups API, where missing authorization allows an authenticated low-privileged user to enumerate metadata of deleted user groups through a crafted API request. This issue affects Devolutions Server versions 2026.2.4.0, 2026.1.20.0 and earlier.

A vulnerability exists in Devolutions Server in the ticketing integration settings, where improper access control allows an authenticated low-privileged user to retrieve cleartext credentials for ticketing integrations. This is achieved through a crafted API request. The vulnerability affects Devolutions Server versions 2026.2.4.0, as well as all versions through 2026.1.20.0.

A command injection vulnerability has been identified in Devolutions Server within the built-in Privileged Access Management (PAM) provider password rotation templates. This issue allows an authenticated user with write access to a vault to execute arbitrary commands on systems managed by the affected PAM provider. The vulnerability is present in Devolutions Server versions 2026.2.4.0, as well as all versions through 2026.1.20.0.

A command injection vulnerability has been identified in the TP-Link Archer MR600 V5 router, specifically within the WireGuard client configuration. This issue arises from inadequate sanitization of user input in the web management interface. An authenticated attacker with administrative rights could exploit this vulnerability to execute arbitrary commands while applying configuration changes. Successful exploitation may lead to a complete compromise of the device's functionality and security.

An OS command injection vulnerability has been identified in the Tenda F451 wireless router, specifically in the web management interface of firmware versions 1.0.0.7 and 1.0.0.9. The vulnerability arises in the 'formWriteFacMac' function within the '/goform/WriteFacMac' endpoint. Here, the 'mac' parameter can be manipulated to inject shell metacharacters, allowing for remote code execution with root privileges.

A vulnerability exists in the D-Link DGS-1100-08PD switch, specifically in version 1.00.006. The issue arises from an unknown processing flaw in the web interface component, related to the file /etc/boa.conf. This flaw allows for a least privilege violation, potentially enabling unauthorized actions or access. The vulnerability can be exploited remotely, but doing so requires a high level of complexity, making the exploitation difficult.

A vulnerability in TOTOLINK CP450 version 4.1.0cu.747 has been identified, affecting the vsftpd configuration file. This issue arises from an unknown code manipulation that leads to a least privilege violation, allowing remote exploitation.

A stack-based buffer overflow vulnerability has been identified in the Tenda HG10 router, specifically in the web management interface under the 'formPPPEdit' handler. This vulnerability arises from the 'encodename' parameter, which can be manipulated to overflow a stack buffer. The issue can be exploited remotely, potentially leading to a crash of the Boa web service or arbitrary code execution, as the affected process runs with elevated privileges.

A vulnerability exists in SourceCodester Online Examination & Learning Management System and the Syllabus-aligned Learning Management and Examination System 1.0. The issue arises in the file import_users.php, where the argument raw_password can be manipulated to use a hard-coded password. This vulnerability can be exploited remotely.

A vulnerability exists in Snipe-IT versions prior to 8.6.0, allowing non-admin users with the 'users.edit' permission to lock admins out of the system. This is achieved by editing the 'activated' flag, which controls user login access, and the 'ldap_import' flag, which manages password reset requests. The issue has been patched in version 8.6.0.

A vulnerability in OpenMetadata versions prior to 1.12.4 allows non-admin SSO users to leak sensitive information by triggering a TEST_CONNECTION workflow for a Database Service. The HTTP 201 response from the POST /api/v1/automations/workflows endpoint includes both the cleartext database password and a JWT for the ingestion bot, which can be used to access sensitive service APIs with bot-level privileges.

A denial-of-service vulnerability has been identified in the Linux kernel's V3D graphics driver. The issue arises in the handling of multisync extensions, where the driver processes a user-supplied, self-referential linked list of extensions without any limit on its length. A local user can create an extension with zero synchronization counts that bypasses existing checks, causing the driver to enter an infinite loop. This loop blocks the executing thread and fully utilizes a CPU core, effectively freezing that core until the loop is manually interrupted. The vulnerability affects the Linux kernel stable tree.

A vulnerability in the Linux kernel's Intel IPU6 PCI device driver allows for an erroneous pointer dereference. During an error handling process, the 'isp->psys' pointer is incorrectly assumed to be valid, leading to a potential dereference of an error pointer. This issue arises in versions of the Linux kernel prior to the latest stable release.

A vulnerability exists in the Linux kernel's videobuf2 DMA scatter/gather memory management, specifically in the handling of virtual memory area (VMA) flags. The issue arises because the vb2_dma_sg_mmap function does not set the VMA flags VM_DONTEXPAND and VM_DONTDUMP, unlike the vb2_dma_contig function, which does. This discrepancy can lead to warnings during the memory mapping of imported DMA buffers from certain camera drivers that utilize the videobuf2 DMA scatter/gather operations.

A vulnerability in the Linux kernel's AMDGPU driver related to user queues has been addressed. The issue involved improper management of write pointer (wptr) object mappings, which could lead to accessing outdated data. This vulnerability was present because the wptr object could be unmapped while a queue was still being created, causing conflicts with other buffer objects at the same address. The problem has been fixed by using the 'drm_exec' function to properly manage locks on the virtual memory root buffer object and the write pointer object buffer object, ensuring that the mapping data is accessed correctly.

A NULL pointer dereference vulnerability has been identified in the Linux kernel's VSP1 module for Generation 4. This issue occurs during the module unload process, where the cleanup code incorrectly calls the 'vsp1_drm_cleanup()' function instead of the appropriate 'vsp1_vspx_cleanup()' function. The error arises because the cleanup code does not properly check the IP version before calling the cleanup functions, leading to a crash when the module is unloaded.

A vulnerability exists in the Linux kernel's DRM/xe user API, specifically in the memory advice (madvise) handling. The issue arises from the acceptance of certain memory coherency modes that can lead to the leakage of sensitive data. When the kernel clears memory pages before they are reallocated, the cleared data can remain in the CPU cache. A GPU operating under the 'coh_none' mode can bypass the CPU cache and access this stale data directly from the DRAM. This could potentially expose information from previously freed memory pages of other processes. The vulnerability affects Linux kernel versions 6.18 and later.