67 matches found
PT-2026-22323
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions 10.22 and prior Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows code injection. Insufficient input validation in certain parameters may permit unexpected...
Linux Distros Unpatched Vulnerability : CVE-2026-27571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed...
CVE-2026-1301
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...
CVE-2026-1301
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...
EUVD-2026-5530
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...
CVE-2026-23796
Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...
PT-2026-6627
Name of the Vulnerable Software and Affected Versions Versions prior to 2026-1301 Description A specially crafted JSON message can cause a heap overflow in the PubSub JSON decoder before authentication. This can lead to a process crash and memory corruption. The issue occurs in builds with PubSub...
o6 Automation Open62541 缓冲区错误漏洞
o6 Automation Open62541 is an industrial automation toolset developed by the German company o6 Automation. o6 Automation Open62541 contains a buffer error vulnerability; this vulnerability arises from specially crafted JSON messages that may cause the decoder to write data beyond the allocated he...
CVE-2025-63529
A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating...
CVE-2025-59043 OpenBao vulnerable to denial of service via malicious JSON request processing
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...
EUVD-2012-6582
Malware in sbrugna...
CVE-2012-10053
Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf without proper bounds checking, leading to a buffer overflow on the stack. This...
CVE-2021-37845
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...
CVE-2023-1139
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...
SUSE CVE-2013-4119
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service NULL pointer dereference and application crash by disconnecting before authentication has finished...
SUSE CVE-2017-5495
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP port...
SUSE CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...
PrinterLogic Web Stack 命令注入漏洞
PrinterLogic Web Stack PrinterLogic Printer Installer is a native web application from PrinterLogic, Inc. Enables It departments to manage and automate the creation/dissemination of Printer Objects and Printer Drivers across print environments from a single management console. A command injection...
D-Link DIR-825 缓冲区错误漏洞
The D-Link DIR-825 is a router from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in D-Link DIR-825 R1 devices 3.0.1 and earlier versions, which originates from a buffer overflow in the web interface and can be exploited by an attacker to achieve remote code execution prior ...
Theonedev Onedev Injection Vulnerability
Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An injection vulnerabili...