Common Vulnerabilities and Exposures (CVE)
CVE-2025-71256
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71255
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71254
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71253
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71252
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71251
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2026-44405
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
CVE-2024-0456
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
CVE-2023-6955
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that...
CVE-2026-28780
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker con...
CVE-2026-40934
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never ro...
CVE-2026-40110
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match()...
CVE-2026-40075
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The Modul...
CVE-2022-24387
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
CVE-2026-39852
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows ...