960 matches found
CVE-2023-46453
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...
PT-2026-39640
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-6530
DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
CVE-2026-41130 Craft CMS has a host header injection leading to SSRF via resource-js endpoint
Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...
CVE-2026-34874
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. Vulnerabilities existed in versions 4.0.0-RC1 to 4.17.5, as well as in versions 5.0.0-RC1 to 5.9.11 of Craft CMS. These vulnerabilities were caused by behavior injection remote code execution vulnerabilities in the...
CVE-2026-25498 Craft has a potential authenticated Remote Code Execution via malicious attached Behavior
Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001235)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001235 advisory. The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of servi...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003175)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003175 advisory. The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of servi...
CVE-1999-0034
Buffer overflow in suidperl sperl, Perl 4.x and 5.x...
CVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
CVE-2025-11966
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...
EUVD-2000-0352
Malware in sbrugna...
EUVD-2014-2203
Malware in sbrugna...
EUVD-2013-4097
Malware in sbrugna...
EUVD-2020-3171
Malware in sbrugna...
EUVD-2020-18471
Malware in sbrugna...
EUVD-2020-17979
Malware in sbrugna...
EUVD-1999-1383
Malware in sbrugna...
EUVD-2016-4774
Malware in sbrugna...