Search

Search Results (364878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62603 2 Debian, Eprosima 2 Debian Linux, Fast Dds 2026-02-18 7.5 High
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and token delivery for newly appearing endpoints. On receive, the CDR parser is invoked first and deserializes the `message_data` (i .e., the `DataHolderSeq`) via the `readParticipantGenericMessage → readDataHolderSeq` path. The `DataHolderSeq` is parsed sequentially: a sequence count (`uint32`), and for each DataHolder the `class_id` string (e.g. `DDS:Auth:PKI-DH:1.0+Req`), string properties (a sequence of key/value pairs), and binary properties (a name plus an octet-vector). The parser operat es at a stateless level and does not know higher-layer state (for example, whether the handshake has already completed), s o it fully unfolds the structure before distinguishing legitimate from malformed traffic. Because RTPS permits duplicates, delays, and retransmissions, a receiver must perform at least minimal structural parsing to check identity and sequence n umbers before discarding or processing a message; the current implementation, however, does not "peek" only at a minimal header and instead parses the entire `DataHolderSeq`. As a result, prior to versions 3.4.1, 3.3.1, and 2.6.11, this parsi ng behavior can trigger an out-of-memory condition and remotely terminate the process. Versions 3.4.1, 3.3.1, and 2.6.11 p atch the issue.
CVE-2025-62799 2 Debian, Eprosima 2 Debian Linux, Fast Dds 2026-02-18 9.8 Critical
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un authenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` are craft ed to violate internal assumptions. Due to a 4-byte alignment step during fragment metadata initialization, the code write s past the end of the allocated payload buffer, causing immediate crash (DoS) and potentially enabling memory corruption ( RCE risk). Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
CVE-2025-13818 1 Eset 1 Management Agent 2026-02-18 6.7 Medium
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent
CVE-2025-14038 1 Enterprisedb 1 Hybrid Manager 2026-02-18 7 High
EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been remediated in EDB Hybrid Manager 1.3.3, and customers should consider upgrading to 1.3.3 as soon as possible. The flaw is due to a misconfiguration in the Istio Gateway, which manages authentication and authorization for the affected endpoints. The security policy relies on an explicit definition of required permissions in the Istio Gateway configuration, and the affected endpoints were not defined in the configuration. This allowed requests to bypass both authentication and authorization within a Hybrid Manager service. All versions of Hybrid Manager - LTS should be upgraded to 1.3.3, and all versions of Hybrid Manager - Innovation should be upgraded to 2025.12.
CVE-2025-68616 1 Kozea 1 Weasyprint 2026-02-18 7.5 High
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.
CVE-2025-64438 1 Eprosima 1 Fast Dds 2026-02-18 7.5 High
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (`gapList .base - gapStart`), an attacker drives `StatefulReader::processGapMsg()` into an unbounded loop that inserts millions of s equence numbers into `WriterProxy::changes_received_` (`std::set`), causing multi-GB heap growth and process termination. No authentication is required beyond network reachability to the reader on the DDS domain. In environments without an RSS limit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t he issue.
CVE-2025-66472 1 Xwiki 2 Xwiki, Xwiki-platform 2026-02-18 6.1 Medium
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack through a deletion confirmation message. The attacker-supplied script is executed when the victim clicks the "No" button. This issue is fixed in versions 16.10.10 and 17.4.2 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates.
CVE-2025-70121 1 Free5gc 1 Free5gc 2026-02-18 7.5 High
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when accessing index 5 of a 5-element array, leading to a runtime panic and AMF crash.
CVE-2025-70092 1 Opensourcepos 2 Open Source Point Of Sale, Opensourcepos 2026-02-18 5.5 Medium
A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.
CVE-2025-70886 1 Halo 1 Halo 2026-02-18 7.5 High
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint
CVE-2025-70123 1 Free5gc 1 Free5gc 2026-02-18 7.5 High
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a subsequent valid PFCP Session Establishment Request triggers a cascading failure, disrupting the SMF connection and causing service degradation.
CVE-2025-70122 1 Free5gc 1 Free5gc 2026-02-18 7.5 High
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) when processing a declared length that exceeds the actual buffer capacity, leading to a runtime panic and UPF crash.
CVE-2024-6115 1 Clive 21 1 Simple Online Hotel Reservation System 2026-02-18 7.3 High
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867.
CVE-2024-6116 1 Clive 21 1 Simple Online Hotel Reservation System 2026-02-18 7.3 High
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268868.
CVE-2024-6308 1 Clive 21 1 Simple Online Hotel Reservation System 2026-02-18 7.3 High
A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269620.
CVE-2025-69213 1 Devcode 1 Openstamanager 2026-02-18 8.8 High
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. At time of publication, no known patch exists.
CVE-2025-69215 1 Devcode 1 Openstamanager 2026-02-18 8.8 High
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.
CVE-2023-25023 1 Saleswonder 1 Webinarignition 2026-02-18 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions.
CVE-2023-47544 1 Atarim 1 Atarim 2026-02-18 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions.
CVE-2023-31979 1 Fossies 1 Catdoc 2026-02-18 7.8 High
Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.