Search CVE reports

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might...

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

AWStats 8.0 is vulnerable to Command Injection via the open function

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can...

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From...

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into...

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000...

Local unprivileged user can trigger an assert in systemd

Integer Underflow When Handling EAP-TTLS AVP. A vulnerability in the eap-ttls plugin related to processing EAP-TTLS AVPs was discovered in strongSwan that can result in resource exhaustion or a crash. All versions since 4.5.0 are affected.

(fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.)