11424 matches found
CVE-2026-7142
CVE-2026-7142 affects Wooey up to 0.13.2, specifically the function add_or_update_script in wooey/api/scripts.py within the API Endpoint. The issue enables improper authorization via manipulation of the script endpoint, with remote execution possible. Public exploitation has been disclosed. Mitig...
CVE-2026-7069
CVE-2026-7069 affects D-Link DIR-825 (up to firmware 3.00b32) via the miniupnpd file and its AddPortMapping function in upnpsoap.c. A buffer overflow is triggered by manipulating the NewPortMappingDescription argument, with the attack executable over the local network. Public exploit activity is ...
PT-2026-35460
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit ha...
CVE-2018-25288
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service...
CVE-2026-7054 Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The...
CVE-2018-25288
StyleWriter 1.0 is affected by a buffer overflow in the Pattern to Find / Advice Message fields (Add Pattern dialog). A 6000-byte payload can be pasted to trigger a denial-of-service locally. The CVE details indicate a local attack vector with high impact on availability and no confidentiality/in...
EUVD-2018-21808
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service...
CVE-2026-7043
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...
EUVD-2026-25720
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...
CVE-2026-7043
Affected product/versions: GreenCMS up to 2.3. Vulnerability surface: function pluginAddLocal in /index.php?m=admin&c=custom&a=pluginadd enables unrestricted upload. Impact (as stated): unrestricted upload capability; remote initiation possible. Exploit status: exploit has been disclosed to the p...
Editor Software StyleWriter Security Vulnerability
Editor Software StyleWriter is a text editing tool developed by Editor Software Company, designed to improve the clarity and quality of English writing. Version 1.0 of Editor Software StyleWriter contains a security vulnerability. This vulnerability stems from a buffer overflow issue when...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014343)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014343 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value check of mmc_add_host mmc_add_host may return error, if we ignore its...
PT-2026-35258
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014326)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014326 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: sunplus: fix return value check of mmc_add_host mmc_add_host may return error, if we ignore its...
CVE-2026-6994
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...
CVE-2026-6994
Envoy up to 1.33.0 contains a vulnerability in the header_mutation.cc component (header_mutation, function params.add) that enables injection due to input manipulation. The issue is exploitable remotely, per the description. A patch (commit f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4) is available a...
CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...
[SECURITY] Fedora 44 Update: qt6-qtimageformats-6.10.3-1.fc44
The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...