| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| `bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in `Unpack::CopyString`, leading to a crash under ASAN (and likely a crash or memory corruption in production builds). There's potential for using this for RCE. As of time of publication, no known patches are available. |
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unprotected `HEAD` request. While the subsequent file retrieval logic correctly enforces SSRF protections, the initial metadata request executes without validation. This allows limited outbound requests to arbitrary URLs before SSRF controls are applied. Version 0.301.0 contains a patch for the issue. |
| A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. |
| A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. |
| A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. |
| An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. |
| A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages. |
| An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized using DOMPurify.sanitize() with the html: true option enabled, which fails to adequately filter HTML input. The injected HTML is rendered in the Tactical RMM management panel when an administrator attempts to remove or shut down the affected agent, potentially leading to client-side attacks such as UI manipulation or phishing. |
| Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version 1.0.1 or later. |
| Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0. |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44. |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4. |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4. |
| Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2. |
| ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF. |
| 10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution. |
| M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users. |
| Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available. |
