π¨ CVE-2018-25432
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
π@cveNotify
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
π@cveNotify
Armcode
Host and City Location on the World Map
Host and city location, visual traceroute, IP information, network information
π¨ CVE-2018-25433
Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the com_jephotogallery component to execute arbitrary SQL queries and retrieve sensitive data like usernames and password hashes.
π@cveNotify
Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the com_jephotogallery component to execute arbitrary SQL queries and retrieve sensitive data like usernames and password hashes.
π@cveNotify
π¨ CVE-2018-25434
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables.
π@cveNotify
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables.
π@cveNotify
Misc
Misc - Misc development
π¨ CVE-2018-25435
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
π@cveNotify
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
π@cveNotify
π¨ CVE-2019-25716
DrΓ€ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
π@cveNotify
DrΓ€ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
π@cveNotify
Draeger
DrΓ€ger Security | Coordinated Disclosure Statement
DrΓ€ger Product Security - Coordinated Disclosure Statement. Here's how you can report a security or privacy vulnerability to DrΓ€ger.
π¨ CVE-2025-22424
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
π@cveNotify
π¨ CVE-2025-22426
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
π@cveNotify
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
π@cveNotify
GitHub
CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs Β· Issue #97076 Β· kubernetes/kubernetes
CVSS Rating: Medium (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) This issue affects multitenant clusters. If a potential attacker can already create or edit services and pods, then they may be ab...
π¨ CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
π@cveNotify
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
π@cveNotify
GitHub
CVE-2020-8561: Webhook redirect in kube-apiserver Β· Issue #104720 Β· kubernetes/kubernetes
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver ...
π¨ CVE-2021-25740
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
π@cveNotify
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
π@cveNotify
GitHub
CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding Β· Issue #103675 Β· kubernetes/kubernetes
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. This issue has bee...
π¨ CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
π@cveNotify
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
π@cveNotify
GitHub
CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU Β· Issue #101493 Β· kubernetes/kubernetes
CVSS Rating: Low (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N) A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes contr...
π¨ CVE-2025-48595
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2026-0091
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2026-48545
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment.
π@cveNotify
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment.
π@cveNotify
GitHub
fix(security): isolate /proxy= cookie jars across Spaces (GHSA-2mr9-9β¦ Β· gradio-app/gradio@feb7237
β¦r47-px2g) (#13384)
* fix(security): isolate /proxy= cookie jars (GHSA-2mr9-9r47-px2g)
The module-level `httpx.AsyncClient` shared by the `/proxy=` reverse
proxy persists `Set-Cookie` headers fro...
* fix(security): isolate /proxy= cookie jars (GHSA-2mr9-9r47-px2g)
The module-level `httpx.AsyncClient` shared by the `/proxy=` reverse
proxy persists `Set-Cookie` headers fro...
π¨ CVE-2025-55664
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
GitHub
Fixed #3310 Β· gpac/gpac@9bd6a72
GPAC Ultramedia OSS for Video Streaming & Next-Gen Multimedia Transcoding, Packaging & Delivery - Fixed #3310 Β· gpac/gpac@9bd6a72
π¨ CVE-2025-60481
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
GitHub
fix several ac4 fuzzing issues: Β· gpac/gpac@e02d1fd
- ossfuzz issues 431448397, 431452248, 431448415, 431836200
- autofuzz bugs ref hY44lXy4bSOybg, TxWvZRk8AD8y7g
- fixes #3297, fixes #3296, fixes #3295, fixes #3293, fixes #3292, fixes #3291, fixes ...
- autofuzz bugs ref hY44lXy4bSOybg, TxWvZRk8AD8y7g
- fixes #3297, fixes #3296, fixes #3295, fixes #3293, fixes #3292, fixes #3291, fixes ...
π¨ CVE-2025-60483
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
GitHub
more ac4 and fuzzing fixes: Β· gpac/gpac@13eb5b7
- fixes #3301, fixes #3302, #3303
- autofuzz ref bsYSHNFQpzEF8w
- autofuzz ref bsYSHNFQpzEF8w
π¨ CVE-2025-60485
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
GitHub
minor mem issues (fixes #3323, fixes #3325) Β· gpac/gpac@4860a1a
GPAC Ultramedia OSS for Video Streaming & Next-Gen Multimedia Transcoding, Packaging & Delivery - minor mem issues (fixes #3323, fixes #3325) Β· gpac/gpac@4860a1a
π¨ CVE-2025-60486
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
π@cveNotify
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
π@cveNotify
GitHub
fix some memory issues Β· gpac/gpac@e6d0182
closes #3314, closes #3320, closes #3321
fixes autofuzz bug N7jC-gq0MTkg4g
fixes autofuzz bug N7jC-gq0MTkg4g
π¨ CVE-2026-24425
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
π@cveNotify
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
π@cveNotify
GitHub
Release v3.26.0 Β· twigphp/Twig
Changelog (v3.25.0...v3.26.0)
security #cve-2026-46627 Document that the sandbox doesn't protect against resource exhaustion (@fabpot)
security #cve-2026-46628 Pre-escape HTML input on the spa...
security #cve-2026-46627 Document that the sandbox doesn't protect against resource exhaustion (@fabpot)
security #cve-2026-46628 Pre-escape HTML input on the spa...
π¨ CVE-2026-28764
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
π@cveNotify
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
π@cveNotify