sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results i...
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or d...
Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generat...
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby d...
Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware.