| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Stored XSS.
This issue affects Progress Planner: from n/a through 1.9.0. |
| Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Elementor Website Builder: from n/a through 4.1.0. |
| Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer. |
| Memory corruption in windows drivers while sending incorrect trusted application request |
| Memory Corruption when output buffer size is smaller than input buffer size during data copying operation. |
| Memory Corruption when sending random number generator command with insufficient output buffer size. |
| Memory Corruption when processing display command line information due to improper initialization of a variable. |
| Memory corruption while processing fastboot OEM commands. |
| Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader. |
| Memory corruption while processing fastboot commands with invalid input. |
| Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow. |
| Memory corruption while processing fastboot commands with improperly formatted input. |
| Memory Corruption when processing fastboot commands to set display mode. |
| IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. |
| Memory corruption while processing IOCTL calls for escape operations. |
| Memory corruption while processing multiple IOCTL command for escape operations. |
| Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications. |
| IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. |
| A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. |
