CVE Vulnerability Database

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components …

Bitcoin Core 0.13.0 through 29.x has an integer overflow.

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended …

A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate …

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the `DELETE /api/v1/projects/:project/background` endpoint checks `CanRead` permission instead of `CanUpdate`, allowing any user …

Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the …

OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can …

Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.

A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in …

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to …