The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without va...
Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can...
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.
Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather t...
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v...
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to ...
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. ...
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in spec...
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure...
In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additio...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
