Fri, Sep 02 · 11:03 PM CDT · CVE-2005-2773
9.8/10 · Must read/watch · NVD · vuln
Summary
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
CVE: CVE-2005-2773
Severity: CRITICAL
Type: UPDATED
Published: Fri, Sep 02 · 11:03 PM CDT
Modified: Thu, Apr 16 · 02:03 PM CDT

Mon, Sep 16 · 07:15 PM CDT · CVE-2019-5481
9.8/10 · Must read/watch · NVD · vuln
Summary
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE: CVE-2019-5481
Severity: CRITICAL
Type: UPDATED
Published: Mon, Sep 16 · 07:15 PM CDT
Modified: Thu, Apr 16 · 03:16 PM CDT

Mon, Jan 17 · 07:15 AM CST · CVE-2022-0239
9.8/10 · Must read/watch · NVD · vuln
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE: CVE-2022-0239
Severity: CRITICAL
Type: UPDATED
Published: Mon, Jan 17 · 07:15 AM CST
Modified: Thu, Apr 16 · 04:07 PM CDT

Fri, Feb 27 · 01:16 PM CST · CVE-2025-11252
9.8/10 · Must read/watch · NVD · vuln
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published.
CVE: CVE-2025-11252
Severity: CRITICAL
Type: UPDATED
Published: Fri, Feb 27 · 01:16 PM CST
Modified: Thu, Apr 16 · 04:16 PM CDT

Fri, Feb 06 · 09:15 AM CST · CVE-2026-21643
9.8/10 · Must read/watch · NVD · vuln
Summary
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE: CVE-2026-21643
Severity: CRITICAL
Type: UPDATED
Published: Fri, Feb 06 · 09:15 AM CST
Modified: Tue, Apr 14 · 02:21 PM CDT

Fri, Mar 20 · 01:15 AM CDT · CVE-2026-32769
9.8/10 · Must read/watch · NVD · vuln
Summary
Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod out of the origin namespace. The flawed inter-ns NetworkPolicy breaks the security-by-default property expected
CVE: CVE-2026-32769
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 20 · 01:15 AM CDT
Modified: Thu, Apr 16 · 01:36 PM CDT

Fri, Mar 20 · 01:15 AM CDT · CVE-2026-32771
9.8/10 · Must read/watch · NVD · vuln
Summary
The CTFer.io Monitoring component is in charge of the collection, processing and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path Traversal due to a missing trailing path sepa
CVE: CVE-2026-32771
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 20 · 01:15 AM CDT
Modified: Thu, Apr 16 · 01:28 PM CDT

Fri, Mar 20 · 12:16 AM CDT · CVE-2026-32985
9.8/10 · Must read/watch · NVD · vuln
Summary
Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in t
CVE: CVE-2026-32985
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 20 · 12:16 AM CDT
Modified: Thu, Apr 16 · 01:42 PM CDT

Wed, Mar 18 · 04:17 AM CDT · CVE-2026-30884
9.6/10 · Must read/watch · NVD · vuln
Summary
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course can read and silently overwrite certificate elements belonging to any ot
CVE: CVE-2026-30884
Severity: CRITICAL
Type: UPDATED
Published: Wed, Mar 18 · 04:17 AM CDT
Modified: Thu, Apr 16 · 02:46 PM CDT

Tue, Sep 09 · 02:15 PM CDT · CVE-2025-54236
9.1/10 · Must read/watch · NVD · vuln
Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue doe
CVE: CVE-2025-54236
Severity: CRITICAL
Type: UPDATED
Published: Tue, Sep 09 · 02:15 PM CDT
Modified: Tue, Apr 14 · 07:00 PM CDT

Tue, Mar 17 · 06:16 PM CDT · CVE-2026-25534
9.1/10 · Must read/watch · NVD · vuln
Summary
Impact: Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) through the use of carefully crafted URLs. Not
CVE: CVE-2026-25534
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 17 · 06:16 PM CDT
Modified: Thu, Apr 16 · 02:46 PM CDT

Wed, Mar 04 · 10:16 PM CST · CVE-2026-29000
9.1/10 · Must read/watch · NVD · vuln
Summary
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject an
CVE: CVE-2026-29000
Severity: CRITICAL
Type: UPDATED
Published: Wed, Mar 04 · 10:16 PM CST
Modified: Thu, Apr 16 · 04:18 PM CDT

Fri, Apr 14 · 10:02 AM CDT · CVE-2006-0749
9.3/10 · Must read/watch · NVD · vuln
Summary
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that l
CVE: CVE-2006-0749
Severity: HIGH
Type: UPDATED
Published: Fri, Apr 14 · 10:02 AM CDT
Modified: Thu, Apr 16 · 09:08 PM CDT

Sat, May 20 · 12:02 AM CDT · CVE-2006-2492
8.8/10 · Worth your time · NVD · vuln
Summary
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
CVE: CVE-2006-2492
Severity: HIGH
Type: UPDATED
Published: Sat, May 20 · 12:02 AM CDT
Modified: Thu, Apr 16 · 02:02 PM CDT

Fri, Mar 20 · 04:16 PM CDT · CVE-2026-32989
8.8/10 · Worth your time · NVD · vuln
Summary
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations, leading to arbitrary code
CVE: CVE-2026-32989
Severity: HIGH
Type: UPDATED
Published: Fri, Mar 20 · 04:16 PM CDT
Modified: Thu, Apr 16 · 02:35 PM CDT

Wed, Mar 04 · 06:16 PM CST · CVE-2026-20039
8.6/10 · Worth your time · NVD · vuln
Summary
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to ineffective m
CVE: CVE-2026-20039
Severity: HIGH
Type: UPDATED
Published: Wed, Mar 04 · 06:16 PM CST
Modified: Thu, Apr 16 · 08:01 PM CDT

Wed, Mar 04 · 06:16 PM CST · CVE-2026-20101
8.6/10 · Worth your time · NVD · vuln
Summary
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checking when processing SA
CVE: CVE-2026-20101
Severity: HIGH
Type: UPDATED
Published: Wed, Mar 04 · 06:16 PM CST
Modified: Thu, Apr 16 · 08:28 PM CDT

Wed, Mar 04 · 06:16 PM CST · CVE-2026-20103
8.6/10 · Worth your time · NVD · vuln
Summary
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition to new Remote Access
CVE: CVE-2026-20103
Severity: HIGH
Type: UPDATED
Published: Wed, Mar 04 · 06:16 PM CST
Modified: Thu, Apr 16 · 08:28 PM CDT

Sun, Mar 22 · 02:16 PM CDT · CVE-2019-25603
8.4/10 · Worth your time · NVD · vuln
Summary
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget,
CVE: CVE-2019-25603
Severity: HIGH
Type: UPDATED
Published: Sun, Mar 22 · 02:16 PM CDT
Modified: Thu, Apr 16 · 04:19 PM CDT

Sun, Mar 22 · 02:16 PM CDT · CVE-2019-25604
8.4/10 · Worth your time · NVD · vuln
Summary
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the S
CVE: CVE-2019-25604
Severity: HIGH
Type: UPDATED
Published: Sun, Mar 22 · 02:16 PM CDT
Modified: Thu, Apr 16 · 04:19 PM CDT

Sun, Mar 22 · 02:16 PM CDT · CVE-2019-25607
8.4/10 · Worth your time · NVD · vuln
Summary
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privile
CVE: CVE-2019-25607
Severity: HIGH
Type: UPDATED
Published: Sun, Mar 22 · 02:16 PM CDT
Modified: Thu, Apr 16 · 04:19 PM CDT

Sun, Mar 22 · 02:16 PM CDT · CVE-2019-25608
8.4/10 · Worth your time · NVD · vuln
Summary
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privil
CVE: CVE-2019-25608
Severity: HIGH
Type: UPDATED
Published: Sun, Mar 22 · 02:16 PM CDT
Modified: Thu, Apr 16 · 04:19 PM CDT

Sun, Mar 22 · 02:16 PM CDT · CVE-2019-25609
8.4/10 · Worth your time · NVD · vuln
Summary
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handl
CVE: CVE-2019-25609
Severity: HIGH
Type: UPDATED
Published: Sun, Mar 22 · 02:16 PM CDT
Modified: Thu, Apr 16 · 04:19 PM CDT

Thu, Mar 12 · 07:16 PM CDT · CVE-2026-32138
8.2/10 · Worth your time · NVD · vuln
Summary
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, po
CVE: CVE-2026-32138
Severity: HIGH
Type: UPDATED
Published: Thu, Mar 12 · 07:16 PM CDT
Modified: Thu, Apr 16 · 02:47 PM CDT

Mon, Mar 16 · 02:19 PM CDT · CVE-2026-32616
8.2/10 · Worth your time · NVD · vuln
Summary
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification link sent to the user'
CVE: CVE-2026-32616
Severity: HIGH
Type: UPDATED
Published: Mon, Mar 16 · 02:19 PM CDT
Modified: Thu, Apr 16 · 02:57 PM CDT