Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
## Summary `ArrayFunctions.InsertAt` in Scriban allocates `index - list.Count` null entries in a tight C# `for` loop with no bound on `index`. The function is exposed to template authors as `array.insert_at`, and the fill loop ignores every existing safety control: `LoopLimit`, `LimitToString`, `ObjectRecursionLimit`, and `RecursiveLimit`. A single template such as `{{ [1] | array.insert_at 200000000 'x' | array.size }}` causes `OutOfMemoryException` in well under a second on a host with 1 GB o
In the TYPO3 extension `tt_address`, the `AddressRepository::getSqlQuery()` method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection. This has been patched in version 8.1.2, 9.1.1, and 10.0.1.
The TYPO3 Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's `unserialize()`. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task. This has been patched in versions 12.0.11 and 11.0.13.
smtp-server prior to v3.18.3 are vulnerable to unauthenticated memory exhaustion denial-of-service. smtp-server's command parser allows any remote client to consume server memory by sending data without newline characters. The server's `_remainder` buffer in `SMTPStream._write` grows without limit, leading to heap exhaustion, prolonged GC pauses that freeze the event loop, and in some cases, process crash. The `_write` method in `lib/smtp-stream.js` appends incoming TCP chunks to `this._remaind
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.
The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. - Spring Cloud Config 3.0.x: affected from 3.0.0 through 3.0.7 (inclusive); no open-source upgrade available. - Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); no open-source upgrade available. - Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); no open-so
Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.
### Summary A single unauthenticated `GET` to any `/scim/v1/...` endpoint with a `?filter=` query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with `std::process::abort()` — the entire `kanidmd` process exits. The parse runs inside axum's `Query<ScimEntryGetQuery>` extractor, before any handler body and therefore before any ACL check. ### Details The SCIM filter gramma
A vulnerability on dssrf allow, an attacker to use, one of them following ipv6 ```rust Input Category http://[::1]/ IPv6 loopback http://[fc00::1]/ IPv6 ULA http://[fe80::1]/ IPv6 link-local http://[::ffff:127.0.0.1]/ IPv4-mapped loopback http://[::ffff:169.254.169.254]/ IPv4-mapped IMDS http://[::ffff:100.64.0.1]/ IPv4-mapped CGNAT http://[64:ff9b::7f00:1]/ NAT64 well-known prefix http://[64:ff9b:1::1]/ NAT64 local-use (RFC 8215) http://[5f00::1]/ SRv6 SID (RFC 9602) http://[3fff::1]/ IPv6 doc