Common Vulnerabilities and Exposures (CVE)

CVE-2025-7195

Jan 18, 2026 05:40:57 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2026-1111

Jan 18, 2026 05:32:05 UTC

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such man...

CVE-2025-15533

Jan 18, 2026 05:02:08 UTC

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only b...

CVE-2026-1110

Jan 18, 2026 04:32:05 UTC

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious...

CVE-2025-8110

Jan 18, 2026 03:33:12 UTC

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

CVE-2026-1109

Jan 18, 2026 03:02:06 UTC

A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Attacking locally is a requirement. This pr...

CVE-2026-1108

Jan 18, 2026 01:32:06 UTC

A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer overflow. An attack has to be approached loc...

CVE-2026-1107

Jan 18, 2026 00:32:06 UTC

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted up...

CVE-2026-1106

Jan 18, 2026 00:02:09 UTC

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation ...

CVE-2026-1105

Jan 17, 2026 23:32:05 UTC

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploi...

CVE-2026-1066

Jan 17, 2026 21:02:06 UTC

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may ...

CVE-2026-1064

Jan 17, 2026 20:32:05 UTC

A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a man...

CVE-2025-40920

Jan 17, 2026 20:23:09 UTC

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UU...

CVE-2026-1063

Jan 17, 2026 20:02:05 UTC

A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such man...

CVE-2026-1062

Jan 17, 2026 19:32:05 UTC

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible t...