Common Vulnerabilities and Exposures (CVE)

CVE-2025-7195

Jan 19, 2026 05:41:09 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2026-1140

Jan 19, 2026 05:32:05 UTC

A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has be...

CVE-2026-1139

Jan 19, 2026 05:02:06 UTC

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The e...

CVE-2026-1138

Jan 19, 2026 04:32:06 UTC

A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been publ...

CVE-2026-1137

Jan 19, 2026 04:02:08 UTC

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried ...

CVE-2025-46397

Jan 19, 2026 03:55:40 UTC

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

CVE-2024-7885

Jan 19, 2026 03:51:37 UTC

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP c...

CVE-2026-1136

Jan 19, 2026 03:32:05 UTC

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/aut...

CVE-2026-1135

Jan 19, 2026 03:02:06 UTC

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be l...

CVE-2026-0943

Jan 19, 2026 02:54:06 UTC

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is aff...

CVE-2026-1134

Jan 19, 2026 02:32:06 UTC

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiat...

CVE-2026-1133

Jan 19, 2026 02:02:06 UTC

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql inject...

CVE-2026-1132

Jan 19, 2026 01:32:06 UTC

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql inject...

CVE-2026-1131

Jan 19, 2026 01:02:06 UTC

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is poss...

CVE-2026-1130

Jan 19, 2026 00:32:06 UTC

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is poss...