CVE-2025-14388 — CVSS 9.8 (critical): The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and…
CVE-2025-55113 — CVSS 9.0 (critical): If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent…
CVE-2023-5719 — CVSS 8.8 (high): The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download…
CVE-2025-9648: A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS)…
CVE-2026-33191 — CVSS 8.6 (high): Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to…
CVE-2020-5363 — CVSS 8.6 (high): Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's…
CVE-2025-66263 — CVSS 7.5 (high): Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30…
CVE-2025-1936 — CVSS 7.3 (high): jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content…
CVE-2024-10921 — CVSS 6.8 (medium): An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests…
CVE-2026-23863 — CVSS 6.5 (medium): An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents…
CVE-2020-7928 — CVSS 6.5 (medium): A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries…
CVE-2026-41256 — CVSS 5.5 (medium): jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first…
CVE-2024-0408 — CVSS 5.5 (medium): A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When…
CVE-2026-47778 — CVSS 4.4 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a…
CVE-2026-43859 — CVSS 3.7 (low): mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
CVE-2025-61985 — CVSS 3.6 (low): ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
CVE-2022-31223 — CVSS 2.3 (low): Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could…
CVE-2026-4359 — CVSS 2.0 (low): A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications…