VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
2986 advisories across 32 monitored vendors.
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0. An authenticated administrator with command-line interface (CLI) access could exploit a vulnerability in the `psd print sessions dump` command. This flaw allows the administrator to overwrite arbitrary files on the system that are writable by the Coturn process, potentially leading to data corruption or denial of service. This flaw affects the community-maintained coturn TURN/STUN server as shipped in Fedora and EPEL. Red Hat does not ship coturn in any core Red Hat product. Fedora and EPEL currently ship coturn 4.14.0, which already includes the fix released in 4.13.0, so the shipped builds are not vulnerable to this arbitrary file overwrite via the CLI psd command. Red Hat severity: Moderate — CVSS 6 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Weakness: CWE-22.
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker with the ability to debug a process to produce misleading audit trails. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Log4j versions 2.21.0 through 2.25.3 and 3.0.0-alpha1 through 3.0.0-beta3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. Affected products: Data Infrastructure Insights and Data Secure Storage Workload Security Agent. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker to delete files outside the intended directory tree. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
FreeBSD 14.3, 14.4 and 15.0 are susceptible to a vulnerability which when successfully exploited could allow an unprivileged user to observe a small amount of uninitialized kernel stack data. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Log4cxx versions prior to 1.7.0 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Affected product named by the advisory: GitLab.
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management. This issue affects all Junos OS Evolved versions before 23.2R2-EVO. Affected products named by the advisory: EX. Affected products named by the advisory: EX.
An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX Series with SPC3 and SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S2. Affected products named by the advisory: MX. Affected products named by the advisory: MX.
An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX with SPC3, and SRX Series: * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2. This issue does not affect releases before 23.4R1. Affected products named by the advisory: MX. Affected products named by the advisory: MX.
CPU Denial of Service in HTML parser via repeated unterminated markup declarations. Red Hat rates this important (CVSS 7.5). Weakness: CWE-835. Red Hat lists fixing advisory RHSA-2026:37535 with package python3-12-main-3.12.13-3.5.hum1, python3-11-main-3.11.15-5.2.hum1, python3-14-main-3.14.6-1.3.hum1, python3-13-main-3.13.14-1.3.hum1. Affected products named by the advisory: Exploit Intelligence; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; and 4 more.
Command Injection via GPS device subtype allows arbitrary code execution. Red Hat rates this important (CVSS 7.8). Weakness: CWE-78. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
Local privilege escalation via symlink attack in guest-ssh-add-authorized-keys. Red Hat rates this important (CVSS 7.3). Weakness: CWE-61. Affected products named by the advisory: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin requests to administrative REST endpoints via a cross-origin request from an arbitrary origin, since the filter unconditionally returns Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method / Access-Control-Request-Headers values in preflight responses. Users are recommended to upgrade to version 2.0.1, which fixes this issue.
A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4.