CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jun 2, 2026

DedeCMS SQL Injection Vulnerability in Car Buy Action Component

A SQL injection vulnerability has been identified in DedeCMS version 5.7.88. The issue arises in the RemoveXSS function within the file plus/carbuyaction.php. The vulnerability can be exploited remotely by manipulating the postname or des arguments. This flaw allows for unauthorized SQL code execution, potentially leading to database manipulation or data exposure.

7.7
Jun 2, 2026

DedeCMS SQL Injection Vulnerability in Flink.php

A SQL injection vulnerability has been identified in DedeCMS version 5.7.88. The issue arises in the function dede_htmlspecialchars within the file plus/flink.php. The vulnerability can be exploited remotely, and public exploits are available.

7.7
Jun 2, 2026

Graph Explorer HTTPS Fallback to HTTP Vulnerability

A vulnerability exists in the Graph Explorer proxy server in versions 1.1.0 prior to 3.0.1. When certificate files are missing, the server defaults to HTTP instead of HTTPS, potentially allowing remote attackers to intercept sensitive information from requests meant to be secure.

2.8
Jun 2, 2026

PlayStation 4 Privilege Escalation Vulnerability in BD-J Sandbox

A privilege escalation vulnerability has been identified in PlayStation 4 firmware versions 13.00 through 13.02. This vulnerability allows an attacker to escape the BD-J (Blu-ray Disc Java) sandbox by using a malformed JAR file. The issue arises because the BD-J security policy improperly canonicalizes file paths, enabling untrusted code to be executed with elevated permissions.

7.1
Jun 2, 2026

Dräger Atlan A350 Denial-of-Service Vulnerability via Medibus Interface

A denial-of-service vulnerability has been identified in the Dräger Atlan A350 software, specifically in versions 1.00 through 1.01. The issue arises from improper input handling that allows attackers to disrupt device operation by sending specially crafted, non-Medibus-compliant data through the Medibus interface. This malformed data can overload the internal processor, causing a gradual disruption in device functionality over several hours. The impact includes loss of data transmission, delayed updates of real-time monitoring curves, and discrepancies between displayed airway pressure values and the corresponding screen curves.

2.0
Jun 2, 2026

Dräger CC-Vision Out-of-Bounds Write Vulnerability Leading to Buffer Overflow

A buffer overflow vulnerability has been identified in Dräger CC-Vision Basic versions prior to 7.5.3 and Dräger CC-Vision E-Cal versions prior to 7.2.5.0. The vulnerability arises from an out-of-bounds write issue when the applications load .gdt files. A crafted .gdt file can exploit this flaw during file parsing, potentially allowing an attacker to crash the application or execute malicious code on the underlying system.

2.2
Jun 2, 2026

Dräger Infinity M300 Network-Based Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Dräger Infinity M300 patient-worn monitors running software versions VG2.x and earlier. This vulnerability allows attackers with access to the hospital or Infinity Network to repeatedly cause the devices to reboot. After several reboots, the device enters a fail state that requires a manual restart. Exploitation of this vulnerability disrupts wireless network connectivity, temporarily halts patient monitoring, and interrupts alarm functionality, all of which must be manually restored.

2.1
Jun 2, 2026

Dräger Perseus A500 Denial-of-Service Vulnerability via Medibus Interface

A denial-of-service vulnerability has been identified in the Dräger Perseus A500 software, specifically in versions 2.00 through 2.02. This vulnerability arises from improper input handling that allows external attackers to disrupt service by sending specially crafted, non-Medibus-compliant data through the Medibus interface. The malformed data can overload the device's internal processor, causing it to warm restart. This interruption drops the ventilation pressure to ambient levels, disrupting patient ventilation for several seconds before normal therapy resumes.

2.5
Jun 2, 2026

Dräger SC Monitoring Devices Hard-coded Credentials and Denial-of-Service Vulnerability

A vulnerability exists in Dräger SC Monitoring devices, including the SC 6002XL, SC 6802XL, SC 7000, SC 8000, and SC 9000 XL models, all software versions. These devices contain hard-coded plaintext credentials in the source code, along with a denial-of-service vulnerability. This issue allows local and remote attackers to compromise the integrity of the devices. A local attacker with direct access can use the hard-coded credentials to access service and clinical accounts, enabling them to alter device configurations. Meanwhile, a remote attacker can send malformed network packets that cause the device to repeatedly reboot, leading to a loss of network connectivity and disruption of patient monitoring.

3.4
Jun 2, 2026

Dräger Infinity M300 Network-Based Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Dräger Infinity M300 patient-worn monitors running software versions VG2.3.1 and earlier. This vulnerability allows network-adjacent attackers to repeatedly cause device reboots by sending malicious requests over the Infinity Network. Exploitation of this issue forces the device into a fail state that requires a manual restart, leading to a loss of wireless connectivity and disruption of patient monitoring functionality.

2.5
Jun 2, 2026

CZ.NIC BIRD Internet Routing Daemon Stack-Based Buffer Overflow Vulnerability in BGP AS_PATH Mask Matching

A stack-based buffer overflow vulnerability has been identified in CZ.NIC BIRD Internet Routing Daemon versions through 2.19.0. The issue arises in the BGP AS_PATH mask matching implementation, where the as_path_match() function uses a fixed-size stack array that can be exceeded by improperly validated AS_PATH segments. This vulnerability is triggered when RFC 8654 BGP Extended Messages are enabled, allowing an established BGP peer to send a long AS_PATH with more than 2048 expanded ASNs. The overflow causes the daemon to crash.

2.9
Jun 2, 2026

OpenClaude Command Line Interface BashTool Sandbox Bypass Vulnerability Allowing Arbitrary Code Execution

A critical vulnerability has been identified in OpenClaude, an open-source command line interface for coding agents, prior to version 0.5.1. The issue arises from the 'dangerouslyDisableSandbox' parameter being exposed in the BashTool input schema. This exposure allows the language model (an untrusted entity according to the project's threat model) to set the parameter to true in any tool use response. When combined with the default 'allowUnsandboxedCommands' setting of true, a prompt-injected model can escape the sandbox and execute arbitrary commands on the host, leading to full code execution. This vulnerability has been patched in version 0.5.1.

4.9
Jun 2, 2026

OpenClaude MCP OAuth State Validation Bypass Leading to Denial-of-Service

A vulnerability in OpenClaude's MCP authentication flow allows for an OAuth state validation bypass, leading to a denial-of-service condition. The issue arises because the authentication process relies on a temporary local HTTP server to manage OAuth callbacks. To mitigate CSRF attacks, the server checks the 'state' parameter against a stored value. However, a logic flaw in the conditional checks enables an attacker to bypass this validation entirely. By sending a request with an 'error' parameter, the attacker can force the server to shut down, disrupting the user's authentication session without needing to know the 'state' value.

4.2
Jun 2, 2026

Dell ThinOS 10 Improper Access Control Vulnerability Leading to Privilege Escalation

An improper access control vulnerability has been identified in Dell ThinOS 10, in versions prior to 2602_10.0765. This vulnerability could be exploited by a low-privileged attacker with local access, potentially leading to privilege escalation.

2.1
Jun 2, 2026

Dell ThinOS 10 Improper Access Control Vulnerability Allowing Information Exposure

An improper access control vulnerability has been identified in Dell ThinOS 10, in versions prior to 2602_10.0765. This vulnerability allows an unauthenticated attacker with physical access to exploit the issue, potentially leading to unauthorized information exposure.

1.6
Jun 2, 2026

NamelessMC Reaction Authorization Vulnerability on Private Profile Posts

A vulnerability in NamelessMC version 2.2.4 allows authenticated low-privileged users to add reactions to private or blocking profile posts. The issue arises because the software only checks if the wall post exists, without enforcing visibility restrictions. This vulnerability is present in the file 'core/classes/Misc/ProfilePostReactionContext.php'.

4.2
Jun 2, 2026

NamelessMC Reaction Visibility Vulnerability on Private Profile Posts

A vulnerability in NamelessMC version 2.2.4 allows unauthenticated users to access reaction details on private profile posts, including participant information and timestamps. This issue arises because the reaction context validation does not consider profile visibility settings. Additionally, authenticated users with low privileges can add reactions to private or blocking profile posts.

5.4
Jun 2, 2026

NamelessMC Wall Post Injection Vulnerability in Profile Module

A vulnerability in NamelessMC version 2.2.4 allows users with the 'profile.post' permission to bypass privacy settings on profile pages. The issue arises in the profile module's wall post submission process, which fails to properly verify authorization before processing posts and replies. This oversight enables users to post on private or blocked profiles and to inject replies into wall posts of other users via restricted profile URLs.

4.3
Jun 2, 2026

NamelessMC Forum Module Authorization Bypass Vulnerability in Reactions Management

A vulnerability in NamelessMC version 2.2.4 allows users to bypass topic-level authorization when managing forum post reactions. The issue arises in the forum reactions context validation, which only checks if the user can view the forum but fails to enforce restrictions on viewing other users' topics. Consequently, in forums where users are limited to their own topics, they can still read and modify reactions on posts in other topics.

4.3
Jun 2, 2026

React Router Cross-Site Scripting Vulnerability in Framework Mode with Pre-rendering

A Cross-Site Scripting (XSS) vulnerability has been identified in React Router versions 7.5.1 prior to 7.13.2. This issue arises when Framework Mode is used with pre-rendering enabled, allowing improper handling of the HTTP Location header. If the redirect location is sourced from an untrusted entity, it can lead to XSS in the statically generated HTML files. This vulnerability does not affect applications using Declarative Mode or Data Mode.

2.9
Jun 2, 2026

NVIDIA NVTabular Improper Deserialization Vulnerability Leading to Code Execution

A vulnerability in NVIDIA NVTabular allows for improper deserialization of untrusted data, which could be exploited to execute code, tamper with data, and disclose information. This issue affects all versions of NVTabular prior to the commit 5dd11f4.

2.0
Jun 2, 2026

NVIDIA NVTabular Improper Deserialization Vulnerability Leading to Code Execution

A vulnerability in NVIDIA NVTabular allows for improper deserialization of untrusted data, which could be exploited to execute code, tamper with data, and disclose information. This issue affects all versions of NVTabular up to commit 5dd11f4.

2.3
Jun 2, 2026

TP-Link Tapo C200 Stack-Based Buffer Overflow Vulnerability in RTSP Authentication

A stack-based buffer overflow vulnerability has been identified in the TP-Link Tapo C200 v5 camera model. This issue arises in the Real-Time Streaming Protocol (RTSP) authentication process, where the Authorization header field lengths are not properly validated. Exploitation of this vulnerability can be triggered by sending a crafted authentication request. Successful exploitation causes the RTSP core service process to crash, leading to an automatic system reboot. This disruption creates a denial-of-service condition, preventing legitimate users from accessing the camera's live video stream or management interface until the service is restored.

4.7
Jun 2, 2026

DedeCMS SQL Injection Vulnerability in Feedback Handler Component

A SQL injection vulnerability has been identified in DedeCMS version 5.7.88. The issue arises in the Feedback Handler component, specifically within the TrimMsg function of the /plus/feedback.php file. The vulnerability can be exploited remotely by manipulating the 'msg' argument.

7.7
Jun 2, 2026

Spacelabs Healthcare Sentinel Unauthenticated Remote Code Execution Vulnerability via .NET Remoting

A remote code execution vulnerability has been identified in Spacelabs Healthcare Sentinel versions 10.5.x and higher, as well as 11.x.x prior to 11.6.0. This vulnerability arises from an unauthenticated .NET Remoting HTTP channel exposed on port 8989, which allows attackers to perform arbitrary file read and write operations by supplying valid .NET URI endpoints. Exploitation of this vulnerability enables attackers to write ASPX web shells to the IIS wwwroot directory, achieving unauthenticated remote code execution on the system. While port 8989 is not exposed by default in Sentinel installations, the vulnerability can be exploited if the .NET Remoting port has been deliberately made network-accessible through configuration or network policy changes.

3.0
Jun 2, 2026

HCL iReflection Third Party Vulnerable and Outdated Components Vulnerability

A vulnerability exists in HCL iReflection version 8.1.0.0 due to the use of third-party components that are vulnerable and outdated. This issue, detected in the web application, can lead to the exploitation of known security flaws.

2.6
Jun 2, 2026

Devolutions Server Improper Access Control Vulnerability Allowing Unauthorized Asset Modification

A vulnerability exists in Devolutions Server versions through 2026.1.19, where improper access control in the permission validation component allows authenticated users with entry edit privileges to modify asset information without the necessary permissions. This issue could lead to unauthorized changes in asset management.

3.8
Jun 2, 2026

Devolutions Server Improper Access Control Vulnerability in PAM Account Discovery Feature

A vulnerability exists in Devolutions Server versions through 2026.1.19, where improper access control in the PAM account discovery feature allows authenticated users without administrative privileges to delete network discovery scan configurations.

3.8
Jun 2, 2026

Appsmith SQL Query Editor Autocomplete Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Appsmith's SQL query editor, specifically in version 1.98. The issue arises because the autocomplete feature does not properly sanitize database object names before displaying them. This flaw allows authenticated developers to inject malicious JavaScript into table or column names. When other workspace members interact with the same datasource and trigger the SQL autocomplete, the injected script executes in their browser sessions. The vulnerability could lead to session hijacking, privilege escalation, or credential theft.

5.7
Jun 2, 2026

Elixir Mint HTTP/2 Unbounded Memory Consumption Vulnerability

A vulnerability allowing memory exhaustion has been identified in the Elixir Mint HTTP client, specifically in versions 0.1.0 prior to 1.9.0. This issue arises from the HTTP/2 handling of header frames. When a HEADERS frame is received without the END_HEADERS flag, the unprocessed header block is stored in a connection variable. Subsequent CONTINUATION frames for that stream are added to this accumulator without any size or count limits. As a result, an attacker-controlled HTTP/2 server can send an infinite stream of CONTINUATION frames, each up to the maximum frame size allowed by the peer, leading to arbitrary memory consumption and causing the client's process to crash.

4.4
Jun 2, 2026

Elixir Mint HTTP Response Smuggling Vulnerability via Lenient Content-Length Parsing

A vulnerability allowing HTTP response smuggling has been identified in the Elixir Mint library, specifically in versions 0.1.0 prior to 1.9.0. This issue arises from the HTTP/1 Content-Length parser, which incorrectly accepts header values with a '+' sign, contrary to RFC 7230 specifications. When Mint shares a connection with a strict fronting proxy, this discrepancy can be exploited to desynchronize response framing, allowing bytes from one response to leak into another. This vulnerability is particularly concerning when the same Mint connection is used across different trust boundaries.

4.1
Jun 2, 2026

Elixir Mint PUSH_PROMISE Flooding Vulnerability Causes Unbounded Memory Consumption

A vulnerability in the Elixir Mint HTTP client, specifically in versions 0.2.0 prior to 1.9.0, allows attacker-controlled HTTP/2 servers to exhaust the client's memory. This is achieved by flooding the client with PUSH_PROMISE frames and withholding the corresponding response HEADERS, leading to a denial-of-service condition. The issue arises because the client does not properly enforce concurrency limits on promised streams, allowing a malicious server to pin an unbounded number of streams and cause the client process to run out of memory.

4.0
Jun 2, 2026

Elixir Mint CRLF Injection Vulnerability Allowing HTTP Request Splitting and Smuggling

A CRLF injection vulnerability has been identified in the Elixir Mint library, specifically in versions 0.1.0 prior to 1.9.0. This vulnerability allows HTTP request splitting and smuggling by improperly validating CRLF sequences in the HTTP request line. The issue arises in the HTTP/1 request encoder, where the method and target inputs are directly inserted into the request line without validation. As a result, an attacker can manipulate the request line to inject headers and pipeline additional requests over the same TCP connection.

4.2
Jun 2, 2026

OpenMed Remote Code Execution Vulnerability in Privacy-Filter Model Loading

A remote code execution vulnerability has been identified in OpenMed versions prior to 1.5.2. The issue arises in the PII privacy-filter model loading process, where the dispatcher improperly matches user-supplied model names. This flaw allows an unauthenticated attacker to route malicious model repositories through a path that loads Hugging Face models with remote code execution enabled. The attacker's code is executed with the privileges of the OpenMed service process.

4.4
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Integer Overflow Vulnerability in Memcached Protocol Parser Leading to Denial-of-Service

A remote integer overflow vulnerability has been identified in the OpenTelemetry eBPF Instrumentation, specifically in versions 0.7.0 prior to 0.9.0. The issue arises in OBI's memcached text protocol parser, where the parser accepts excessively large byte values in storage commands without proper overflow checks. This flaw can be exploited by sending a crafted request that causes the calculated payload length to wrap around negatively, leading to a runtime panic and crashing the OBI process. The vulnerability allows for a denial-of-service condition, disrupting telemetry collection until the process is manually restarted.

4.8
Jun 2, 2026

OpenTelemetry eBPF Instrumentation MongoDB Parser Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the OpenTelemetry eBPF Instrumentation MongoDB parser, present in versions 0.1.0 prior to 0.9.0. The issue arises when malformed MongoDB wire messages are processed, leading to uncaught panics that crash the telemetry agent. This vulnerability allows remote, unauthenticated attackers to disrupt telemetry collection by sending crafted messages that exploit the parser's lack of input validation, causing a process termination that requires a manual restart.

4.8
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Buffer Overread and Memory Overwrite Vulnerability

A memory safety vulnerability has been identified in OpenTelemetry eBPF Instrumentation's log enricher component, specifically in versions 0.7.0 prior to 0.9.0. The issue arises from improper handling of multi-segment writev buffers. The log enricher reads only the first segment of the buffer while using the total byte count of all segments as the length for copying data. This discrepancy can be exploited when log injection is enabled, allowing crafted writev calls to cause the log enricher to read and overwrite memory beyond the first segment. Such exploitation can corrupt adjacent application buffers, leak memory into log events, and potentially destabilize the instrumented process.

3.3
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Java TLS ioctl Probe Kernel Memory Disclosure Vulnerability

A vulnerability in the OpenTelemetry eBPF Instrumentation's Java TLS ioctl probe allows for local kernel memory disclosure. This issue arises because the probe reads user-controlled ioctl pointers using 'bpf_probe_read' instead of the safer 'bpf_probe_read_user'. As a result, an instrumented process can direct the OpenTelemetry eBPF Instrumentation (OBI) agent at kernel memory, leading to unauthorized memory access. The vulnerability is present in versions prior to 0.9.0.

3.3
Jun 2, 2026

OpenTelemetry eBPF Instrumentation CappedConcurrentHashMap Memory Leak Vulnerability

A memory leak vulnerability has been identified in OpenTelemetry eBPF Instrumentation versions prior to 0.9.0. The issue arises from a custom CappedConcurrentHashMap used for tracking Java TLS state, which fails to remove keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, this can lead to unbounded queue growth and heap memory exhaustion, particularly during periods of frequent TLS connection churn.

4.4
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Buffer Overread Vulnerability Leading to Memory Leak

A vulnerability in OpenTelemetry eBPF Instrumentation prior to version 0.9.0 allows for an out-of-bounds read that can leak adjacent memory into telemetry. This issue arises in the per-CPU message-buffer fallback path, which uses a 256-byte backup buffer while preserving the original payload size of up to 8KB. When a CPU mismatch occurs, the OpenTelemetry eBPF Instrumentation can read beyond the fallback buffer, disclosing adjacent memory in the emitted telemetry. This vulnerability has been patched in version 0.9.0.

4.2
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Unbounded CPU Consumption Vulnerability

A performance issue has been identified in OpenTelemetry eBPF Instrumentation versions prior to 0.9.0. The problem arises in the OBI component, which replays BPF probe hits into histogram observations by iterating once for each recorded run count. On busy systems, this run-count delta can grow significantly, leading the metrics exporter to consume excessive CPU resources in a tight loop during each collection interval. This behavior can be exacerbated by driving high traffic through instrumented services, creating a workload that amplifies the CPU consumption issue.

4.6
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Redis Error Export Vulnerability

A vulnerability in OpenTelemetry eBPF Instrumentation prior to version 0.9.0 allows for the unfiltered export of Redis error messages as span status updates. This issue can lead to the exfiltration of sensitive information, such as tokens and personal data, into telemetry systems. The problem arises because Redis error replies can include attacker-controlled or confidential values, which are then injected into analysis backends without proper sanitization. The vulnerability is present in versions greater than v0.0.0-rc.1+build and has been patched in v0.9.0.

4.7
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Postgres BIND Message Parsing Vulnerability Leading to Panic

A vulnerability in the OpenTelemetry eBPF Instrumentation Postgres protocol parser, present in versions prior to 0.9.0, allows for a panic to occur when handling malformed BIND message payloads. The parser expects a valid NUL-terminated portal name, but a crafted empty or unterminated payload can cause the parser to slice beyond the end of the buffer, leading to a runtime panic. This issue arises because the parser does not validate the payload length before processing, allowing for out-of-bounds access and subsequent crashes.

4.7
Jun 2, 2026

OpenTelemetry eBPF Instrumentation Unsafe ELF Parsing Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in OpenTelemetry eBPF Instrumentation versions prior to 0.9.0. The issue arises from the ELF parser in the OBI component, which improperly trusts section offsets and counts from executable files. This flaw allows a crafted local ELF to cause OBI to dereference invalid section pointers or slice past string tables, leading to a panic in the agent while it determines the process language. The vulnerability can be exploited by any local tenant or process owner who executes a malformed binary on a monitored host, causing the OBI telemetry agent to crash and disrupting observability for other workloads.

3.4
Jun 2, 2026

NiceGUI Unauthenticated Log-Volume Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in NiceGUI, a Python-based UI framework, prior to version 3.12.0. The issue arises in two FastAPI routes that serve per-component static assets. These routes accept a sub-path parameter that can be manipulated to resolve to a directory instead of a file. When a request targets a directory, it triggers an unhandled RuntimeError in Starlette's FileResponse. This error is logged by Uvicorn as a full traceback, amplifying log volume and consuming disk space. The vulnerability is accessible without authentication, allowing remote attackers to disrupt any publicly reachable NiceGUI server by overloading its log capacity and exhausting disk space.

3.4
Jun 2, 2026

NiceGUI Local File Disclosure Vulnerability in reStructuredText Rendering

A local file disclosure vulnerability exists in NiceGUI versions prior to 3.12.0, specifically within the reStructuredText rendering function 'ui.restructured_text()'. This function processes user-supplied reStructuredText using Docutils, without disabling file insertion directives. As a result, an attacker can exploit this by injecting content that utilizes standard Docutils directives, such as 'include', 'csv-table' with ':file:', or 'raw' with ':file:', to read local files accessible to the NiceGUI server process. The vulnerability arises when applications pass untrusted or user-controlled content to 'ui.restructured_text()', leaving sensitive files like application '.env' files, database URLs, API tokens, and other confidential information exposed.

3.8
Jun 2, 2026

Klaw Improper Access Control Vulnerability Allowing Password Hash Disclosure

An improper access control vulnerability has been identified in Klaw, a self-service Apache Kafka topic management tool, in versions through 2.10.3. This vulnerability allows for the unauthorized disclosure of password hashes. The issue has been addressed in version 2.10.4, where the affected endpoint was removed from the application.

3.4
Jun 2, 2026

Klaw Username Case Sensitivity Vulnerability Leading to Account Lockout

A denial-of-service vulnerability has been identified in Klaw, a self-service Apache Kafka topic management tool, prior to version 2.10.4. The issue arises from inconsistent handling of username case sensitivity in the user registration and login processes. This discrepancy allows a malicious actor to register an account using a variation of an existing username's case, resulting in both accounts becoming completely inaccessible. The original and the case-variant accounts cannot be logged into, and this collision disrupts administrative tools, preventing the deletion of either account through the application interface.

2.5
Jun 2, 2026

WP Swings Wallet System for WooCommerce Broken Authentication Vulnerability

A vulnerability allowing authentication bypass via an alternate path or channel has been identified in the WP Swings Wallet System for WooCommerce, affecting versions through 2.7.5. This vulnerability allows exploitation of the password recovery feature, potentially leading to unauthorized actions being performed by users with lower privileges.

2.7
Jun 2, 2026

Liquid Web / StellarWP BookIt Authentication Bypass Vulnerability Allowing Password Recovery

An authentication bypass vulnerability has been identified in the Liquid Web / StellarWP BookIt plugin, specifically in versions prior to 2.5.4.1. This vulnerability allows for password recovery exploitation by bypassing authentication mechanisms.

3.5