🚨 CVE-2025-59790
Improper Privilege Management vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0.
Users are recommended to upgrade to version 2.14.0, which fixes the issue.
🎖@cveNotify
🚨 CVE-2025-59792
Plaintext credentials are revealed in the MONITOR command in Apache Kvrocks.
This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0.
Users are recommended to upgrade to version 2.14.0, which fixes the issue.
🎖@cveNotify
🚨 CVE-2025-27062
Memory corruption while handling client exceptions, allowing unauthorized channel access.
🎖@cveNotify
🚨 CVE-2025-21488
Information disclosure while decoding RTP packet headers received by the UE from the network when the padding bit is set.
🎖@cveNotify
🚨 CVE-2025-27032
Memory corruption while loading a PIL authenticated VM, when the authenticated VM image is loaded without maintaining cache coherency.
🎖@cveNotify
🚨 CVE-2025-33187
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.
🎖@cveNotify
🚨 CVE-2025-33188
NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.
🎖@cveNotify
🚨 CVE-2023-30802
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.
🎖@cveNotify
🚨 CVE-2023-30803
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.
🎖@cveNotify
🚨 CVE-2023-30804
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.
🎖@cveNotify
🚨 CVE-2023-30805
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.
🎖@cveNotify
🚨 CVE-2024-21908
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
🎖@cveNotify
GitHub
CVE-2024-21908 - GitHub Advisory Database
Cross-site scripting vulnerability in TinyMCE
🚨 CVE-2024-21910
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
🎖@cveNotify
GitHub
CVE-2024-21910 - GitHub Advisory Database
Cross-site scripting vulnerability in TinyMCE plugins
🚨 CVE-2024-53021
Information disclosure may occur while processing a goodbye RTCP packet from the network.
🎖@cveNotify
🚨 CVE-2024-53026
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
🎖@cveNotify
🚨 CVE-2025-21463
Transient DOS while processing the EHT operation IE in the received beacon frame.
🎖@cveNotify
🚨 CVE-2025-21464
Information disclosure while reading data from an image using specified offset and size parameters.
🎖@cveNotify
🚨 CVE-2025-21487
Information disclosure while decoding an RTP packet received by the UE from the network, when the payload length mentioned is greater than the available buffer length.
🎖@cveNotify