| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
| Buffer Overflow in the entry handler of the TraceEvent() system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel. |
| TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level (Parser::parseBlock()) and inline (Inline::parseSequence() / Inline::parseMapping()) parsers to recurse without a depth limit. A crafted document exhausts the PHP stack and crashes the worker. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. |
| Double free in Windows DHCP Server allows an authorized attacker to execute code over a network. |
| Heap-based buffer overflow in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network. |
| Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network. |
| Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the attribute check is skipped, allowing protected controllers to execute and leak headers or perform side effects. This issue is fixed in versions 7.4.12 and 8.0.12. |
| Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category that are reflected into Atom fields like and , which execute as JavaScript when feed readers or CMS aggregators consume the feed and insert content into the DOM using unsafe methods. |