16 matches found
EUVD-2025-202584
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...
Windscribe for Linux 'changeMTU' local privilege escalation
RISK EVALUATION A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and...
EUVD-2023-30081
Malicious code in bioql PyPI...
WordPress Lazy Load for Videos plugin <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability discovered by Webbernaut in WordPress Plugin Lazy Load for Videos versions <= 2.18.7...
CVE-2025-22521
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check wp-hosting-performance-check allows Reflected XSS. This issue affects wp Hosting Performance Check: from n/a through = 2.18.8...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
Buffer overflow
Connected Vehicle Systems Alliance COVESA up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dltcommon.c...
PT-2023-25534 · Covesa +1 · Covesa +1
Name of the Vulnerable Software and Affected Versions: Connected Vehicle Systems Alliance COVESA versions up to 2.18.8 Description: The issue is related to a buffer overflow in the Connected Vehicle Systems Alliance COVESA software. This buffer overflow occurs via the component /shared/dlt...
dlt-daemon Security Vulnerability
The dlt-daemon is the DLT communication interface for ECUs in the GlobalGENIVI community. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A security vulnerability exists in dlt-daemon version 2.18.8 and earlie...
PT-2023-20567 · Covesa +1 · Dlt-Daemon +1
Name of the Vulnerable Software and Affected Versions: dlt-daemon versions through 2.18.8 Description: An issue was discovered in the Connected Vehicle Systems Alliance COVESA; formerly GENIVI dlt-daemon. Dynamic memory is not released after it is allocated in dlt-control-common.c. Recommendation...
COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read Vulnerability
======================================================================= title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon Diagnostic Log and Trace Connected Vehicle Systems Alliance COVESA, formerly GENIVI vulnerable version: = 2.18.8 fixed version: current master branc...
dlt-daemon Code Issue Vulnerability
Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A denial of service vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...
CVE-2022-31291
An issue in dltconfigfileparser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets...
PT-2022-20669 · Unknown · Dlt-Daemon
Name of the Vulnerable Software and Affected Versions: dlt-daemon version 2.18.8 Description: An issue in the dlt config file parser.c file allows attackers to cause a double free via crafted TCP packets. This can be exploited by sending specifically crafted packets to the affected system...
Brute Force and XSS vulnerabilities in Webglimpse
Hello 3APA3A! Following the previous numerous Cross-Site Scripting, Full path disclosure, Directory Traversal and Authorization bypass vulnerabilities in Webglimpse (SecurityVulns ID: 9436, 9443, 9778, 9876), I am reporting to you the new vulnerabilities I have found in Webglimpse. These are Brute Force and Cross-Site...
Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities
Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52170/info Webglimpse is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...