Wed, Mar 23 · 08:15 PM CDTCVE-2022-24292
9.8/10 · Must read/watchNVDvuln
Summary
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.
CVECVE-2022-24292
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 23 · 08:15 PM CDT
ModifiedThu, Jun 25 · 06:08 PM CDT
Wed, Mar 23 · 08:15 PM CDTCVE-2022-24293
9.8/10 · Must read/watchNVDvuln
Summary
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.
CVECVE-2022-24293
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 23 · 08:15 PM CDT
ModifiedThu, Jun 25 · 06:09 PM CDT
Fri, Apr 28 · 04:15 PM CDTCVE-2023-27971
9.8/10 · Must read/watchNVDvuln
Summary
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.
CVECVE-2023-27971
SeverityCRITICAL
TypeUPDATED
PublishedFri, Apr 28 · 04:15 PM CDT
ModifiedThu, Jun 25 · 06:08 PM CDT
Fri, Apr 28 · 04:15 PM CDTCVE-2023-27972
9.8/10 · Must read/watchNVDvuln
Summary
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.
CVECVE-2023-27972
SeverityCRITICAL
TypeUPDATED
PublishedFri, Apr 28 · 04:15 PM CDT
ModifiedThu, Jun 25 · 06:09 PM CDT
Fri, Apr 28 · 05:15 PM CDTCVE-2023-27973
9.8/10 · Must read/watchNVDvuln
Summary
Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.
CVECVE-2023-27973
SeverityCRITICAL
TypeUPDATED
PublishedFri, Apr 28 · 05:15 PM CDT
ModifiedThu, Jun 25 · 06:07 PM CDT
Fri, Jun 30 · 04:15 PM CDTCVE-2023-35175
9.8/10 · Must read/watchNVDvuln
Summary
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
CVECVE-2023-35175
SeverityCRITICAL
TypeUPDATED
PublishedFri, Jun 30 · 04:15 PM CDT
ModifiedThu, Jun 25 · 06:08 PM CDT
Thu, Feb 19 · 12:16 PM CSTCVE-2025-9953
9.8/10 · Must read/watchNVDvuln
Summary
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: before 2026/04.
CVECVE-2025-9953
SeverityCRITICAL
TypeUPDATED
PublishedThu, Feb 19 · 12:16 PM CST
ModifiedThu, Jun 25 · 01:16 PM CDT
Mon, Mar 30 · 07:16 PM CDTCVE-2026-34714
9.2/10 · Must read/watchNVDvuln
Summary
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
CVECVE-2026-34714
SeverityCRITICAL
TypeUPDATED
PublishedMon, Mar 30 · 07:16 PM CDT
ModifiedThu, Jun 25 · 02:49 PM CDT
Mon, Mar 23 · 06:16 AM CDTCVE-2026-4599
9.1/10 · Must read/watchNVDvuln
Summary
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accep
CVECVE-2026-4599
SeverityCRITICAL
TypeUPDATED
PublishedMon, Mar 23 · 06:16 AM CDT
ModifiedThu, Jun 25 · 04:16 PM CDT
Tue, Apr 15 · 04:16 PM CDTCVE-2025-32911
9.0/10 · Must read/watchNVDvuln
Summary
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
CVECVE-2025-32911
SeverityCRITICAL
TypeUPDATED
PublishedTue, Apr 15 · 04:16 PM CDT
ModifiedThu, Jun 25 · 11:17 PM CDT
Fri, Jun 30 · 04:15 PM CDTCVE-2023-35176
8.8/10 · Worth your timeNVDvuln
Summary
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.
CVECVE-2023-35176
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 30 · 04:15 PM CDT
ModifiedThu, Jun 25 · 06:06 PM CDT
Fri, Jun 30 · 04:15 PM CDTCVE-2023-35177
8.8/10 · Worth your timeNVDvuln
Summary
Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.
CVECVE-2023-35177
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 30 · 04:15 PM CDT
ModifiedThu, Jun 25 · 06:08 PM CDT
Fri, Jun 30 · 04:15 PM CDTCVE-2023-35178
8.8/10 · Worth your timeNVDvuln
Summary
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.
CVECVE-2023-35178
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 30 · 04:15 PM CDT
ModifiedThu, Jun 25 · 06:06 PM CDT
Fri, Dec 27 · 08:15 PM CSTCVE-2024-56732
8.8/10 · Worth your timeNVDvuln
Summary
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
CVECVE-2024-56732
SeverityHIGH
TypeUPDATED
PublishedFri, Dec 27 · 08:15 PM CST
ModifiedThu, Jun 25 · 03:32 PM CDT
Wed, Feb 12 · 03:15 PM CSTCVE-2025-1244
8.8/10 · Worth your timeNVDvuln
Summary
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
CVECVE-2025-1244
SeverityHIGH
TypeUPDATED
PublishedWed, Feb 12 · 03:15 PM CST
ModifiedFri, Jun 26 · 12:16 AM CDT
Tue, Mar 03 · 06:16 PM CSTCVE-2026-3437
8.8/10 · Worth your timeNVDvuln
Summary
An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could resul
CVECVE-2026-3437
SeverityHIGH
TypeUPDATED
PublishedTue, Mar 03 · 06:16 PM CST
ModifiedThu, Jun 25 · 04:16 PM CDT
Mon, Dec 15 · 05:15 PM CSTCVE-2025-11393
8.7/10 · Worth your timeNVDvuln
Summary
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allows a standard user with
CVECVE-2025-11393
SeverityHIGH
TypeUPDATED
PublishedMon, Dec 15 · 05:15 PM CST
ModifiedFri, Jun 26 · 12:16 AM CDT
Wed, Jan 31 · 10:15 PM CSTCVE-2024-21626
8.6/10 · Worth your timeNVDvuln
Summary
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a
CVECVE-2024-21626
SeverityHIGH
TypeUPDATED
PublishedWed, Jan 31 · 10:15 PM CST
ModifiedThu, Jun 25 · 11:16 PM CDT
Wed, Apr 29 · 03:16 PM CDTCVE-2026-7111
8.4/10 · Worth your timeNVDvuln
Summary
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache t
CVECVE-2026-7111
SeverityHIGH
TypeUPDATED
PublishedWed, Apr 29 · 03:16 PM CDT
ModifiedThu, Jun 25 · 08:17 PM CDT
Thu, Jan 25 · 04:15 PM CSTCVE-2023-40547
8.3/10 · Worth your timeNVDvuln
Summary
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This f
CVECVE-2023-40547
SeverityHIGH
TypeUPDATED
PublishedThu, Jan 25 · 04:15 PM CST
ModifiedFri, Jun 26 · 10:16 AM CDT
Tue, Jan 28 · 06:15 PM CSTCVE-2024-13484
8.2/10 · Worth your timeNVDvuln
Summary
A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out clus
CVECVE-2024-13484
SeverityHIGH
TypeUPDATED
PublishedTue, Jan 28 · 06:15 PM CST
ModifiedFri, Jun 26 · 05:16 AM CDT
Tue, May 26 · 10:16 PM CDTCVE-2026-42013
8.2/10 · Worth your timeNVDvuln
Summary
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-
CVECVE-2026-42013
SeverityHIGH
TypeUPDATED
PublishedTue, May 26 · 10:16 PM CDT
ModifiedFri, Jun 26 · 08:16 AM CDT
Tue, May 26 · 10:16 PM CDTCVE-2026-5260
8.2/10 · Worth your timeNVDvuln
Summary
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
CVECVE-2026-5260
SeverityHIGH
TypeUPDATED
PublishedTue, May 26 · 10:16 PM CDT
ModifiedFri, Jun 26 · 08:16 AM CDT
Tue, Nov 26 · 04:15 PM CSTCVE-2024-52336
7.8/10 · Worth your timeNVDvuln
Summary
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with
CVECVE-2024-52336
SeverityHIGH
TypeUPDATED
PublishedTue, Nov 26 · 04:15 PM CST
ModifiedFri, Jun 26 · 02:16 AM CDT
Tue, Oct 22 · 01:15 PM CDTCVE-2024-9050
7.8/10 · Worth your timeNVDvuln
Summary
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to int
CVECVE-2024-9050
SeverityHIGH
TypeUPDATED
PublishedTue, Oct 22 · 01:15 PM CDT
ModifiedFri, Jun 26 · 12:16 AM CDT