11437 matches found
CVE-2026-3606
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...
UBUNTU-CVE-2026-3606
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...
CVE-2026-3606
CVE-2026-3606 affects Ettercap 0.8.4-Garofalo, targeting the function add_data_segment in the file src/ettercap/utils/etterfilter/ef_output.c of the etterfilter component. The vulnerability results in an out-of-bounds read and requires local access. Public exploit information is indicated, and th...
CVE-2026-3606 Ettercap etterfilter ef_output.c add_data_segment out-of-bounds
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...
CVE-2026-28484
OpenClaw contains an option-injection vulnerability in the git-hooks/pre-commit hook in versions prior to 2026.2.15. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling an attacker to inject git flags by supplying maliciously-named files beginning with da...
CVE-2026-28484
...
CVE-2026-28484
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions <= 6.1.17...
EUVD-2026-9526
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...
PT-2026-23568
Name of the Vulnerable Software and Affected Versions: Ettercap version 0.8.4-Garofalo. Description: A flaw exists in Ettercap that involves an out-of-bounds read issue within the add_data_segment function located in the src/ettercap/utils/etterfilter/ef_output.c file, specifically within the...
CVE-2021-35483
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...
CVE-2025-52470
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
📄 WordPress Real Estate 7 3.5.2 Privilege Escalation
This Metasploit auxiliary scanner module targets a privilege escalation vulnerability in WordPress Real Estate 7 plugin version 3.5.2. The flaw allows unauthenticated attackers to register a new user account with administrator privileges by abusing the ctaddnewmember AJAX action...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005629)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005629 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if device_add fails. If device_add returns error, the name...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005398)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005398 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if device_add fails. If device_add returns error, the name...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005561 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device. hci_conn_params_add never checks for a NULL value...
CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...
CVE-2021-35485
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...
Exploit for CVE-2025-39459
📄 Nuclei Template for CVE-2025-39459 🚀 Overview This repo...
Nokia Impact Mobile Security Vulnerability
Nokia Impact Mobile is a mobile network device management and automation platform developed by Finnish company Nokia. Previous versions of Nokia Impact Mobile, including 23FP1, contained security vulnerabilities. These vulnerabilities stemmed from the Campaign Name parameter in the Add Campaign...