CVE Vulnerability Database

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate …

Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point …

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication …

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does …

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that …

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the …

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to …

GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to …

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to …