Common Vulnerabilities and Exposures (CVE)

CVE-2024-41347

Jan 26, 2026 15:24:53 UTC

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php

CVE-2026-1417

Jan 26, 2026 15:22:24 UTC

A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally....

CVE-2024-41348

Jan 26, 2026 15:21:32 UTC

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php

CVE-2026-1418

Jan 26, 2026 15:18:59 UTC

A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds wr...

CVE-2024-41346

Jan 26, 2026 15:17:09 UTC

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php

CVE-2025-59102

Jan 26, 2026 15:15:13 UTC

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much ...

CVE-2025-13952

Jan 26, 2026 15:13:20 UTC

A web page that contains unusual GPU shader code, when loaded from the Internet into the GPU compiler process, triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system ...

CVE-2025-59103

Jan 26, 2026 15:13:19 UTC

The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware ...

CVE-2025-59104

Jan 26, 2026 15:12:47 UTC

With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus, the attacker gains access to the bootloader, where the kernel command line can be...

CVE-2026-1419

Jan 26, 2026 15:11:20 UTC

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command inject...

CVE-2024-7318

Jan 26, 2026 15:11:07 UTC

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and being deemed unusable around 30 seconds in, the tokens are valid for an...

CVE-2025-14973

Jan 26, 2026 15:07:18 UTC

The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks.

CVE-2024-41345

Jan 26, 2026 15:06:17 UTC

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php

CVE-2024-39097

Jan 26, 2026 15:03:10 UTC

There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in the login path.

CVE-2026-24420

Jan 26, 2026 15:01:08 UTC

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomprehensive permissions check. The presence of a right key is...