8324 matches found

RedhatCVE
added 2026/01/09 10:35 a.m., 2 views

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

CVSS 7.5, AI score 7.4, EPSS 0.0038
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:13 a.m., 7 views

CVE-2019-2310

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...

CVSS 7.5, AI score 7.1, EPSS 0.00297
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:13 a.m., 12 views

CVE-2019-2239

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

CVSS 5.5, AI score 7.4, EPSS 0.00044
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:20 a.m., 7 views

CVE-2021-27473

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

CVSS 8.2, AI score 6.8, EPSS 0.00003
Exploits: 0, References: 1

OSV
added 2026/01/09 7:16 a.m., 3 views

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVSS 3.3, AI score 5.8
Exploits: 0, References: 1

NVD
added 2026/01/09 7:16 a.m., 4 views

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVSS 4.8, EPSS 0.00006
Exploits: 0, References: 1

CVE
added 2026/01/09 6:16 a.m., 15 views

CVE-2026-20972

CVE-2026-20972 corresponds to Samsung’s SVE-2025-2255. Description: Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. Connected docs indicate this is addressed by a Samsung patch in the SMR Jan-2026 Release 1, descri...

CVSS 4.8, AI score 6, EPSS 0.00006
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/01/09 6:16 a.m., 4 views

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVSS 4.8, AI score 6, EPSS 0.00006
Exploits: 0, References: 1

Positive Technologies
added 2026/01/09 12:0 a.m., 5 views

PT-2026-2053

Name of the Vulnerable Software and Affected Versions: UwbTest versions prior to SMR Jan-2026 Release 1. Description: The application improperly exports Android components, potentially allowing a local attacker to enable Ultra-Wideband (UWB) functionality. Recommendations: Update UwbTest to SMR Jan-202...

CVSS 4.8, AI score 6.2, EPSS 0.00006
Exploits: 0, References: 4

Zero Day Initiative
added 2026/01/09 12:0 a.m., 4 views

(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python function components. Depending upon product...

CVSS 7.1, AI score 7.6, EPSS 0.00099
Exploits: 1

OSV
added 2026/01/08 8:54 p.m., 10 views

GHSA-2W69-QVJG-HVJX React Router vulnerable to XSS via Open Redirects

React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if developers are creating redirect paths...

CVSS 8, AI score 7, EPSS 0.00008
Exploits: 0, References: 3

GithubExploit
added 2026/01/08 10:46 a.m., 131 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell - Proof of Concept ⚠️ SECURIT...

CVSS 10, AI score 8.1, EPSS 0.82011
Exploits: 365

Tenable Nessus
added 2026/01/08 12:0 a.m., 20 views

Autodesk Shared Components < 2026.5 Multiple Vulnerabilities (adsk-sa-2025-0024)

The version of Autodesk Shared Components installed on the remote Windows host is 2026.4 or earlier. It is, therefore, affected by multiple vulnerabilities. - A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a memory corruption vulnerability. A malicious...

CVSS 7.8, AI score 6.3, EPSS 0.00028
Exploits: 0, References: 21

NVD
added 2026/01/07 10:15 p.m., 2 views

CVE-2025-69222

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

CVSS 9.1, EPSS 0.0025
Exploits: 1, References: 3

CVE
added 2026/01/07 9:17 p.m., 9 views

CVE-2025-69222

CVE-2025-69222 affects LibreChat (v0.8.1-rc2 and prior) with a server-side request forgery (SSRF) due to missing restrictions in the default Actions configuration. The issue arises because agents can be configured with predefined instructions and actions via OpenAPI, enabling access to arbitrary ...

CVSS 9.1, AI score 6.6, EPSS 0.0025
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/01/07 9:17 p.m., 3 views

CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

CVSS 9.1, AI score 6.6, EPSS 0.0025
Exploits: 1, References: 3

NVD
added 2026/01/07 12:17 p.m., 1 view

CVE-2025-31964

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...

CVSS 4.9, EPSS 0.00014
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:47 a.m., 8 views

CVE-2017-6894

A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier including FlexNet Manager Platform 9.2 and earlier that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system...

CVSS 7.8, AI score 6.7, EPSS 0.0004
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:29 a.m., 4 views

CVE-2019-16755

BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: 3.x to 18.x, all...

CVSS 9.8, AI score 7.5, EPSS 0.03504
Exploits: 0, References: 1

Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1934

Name of the Vulnerable Software and Affected Versions: LibreChat version 0.8.1-rc2. Description: LibreChat, a ChatGPT clone with additional features, is susceptible to a server-side request forgery (SSRF) issue. This occurs because of missing restrictions within the Actions feature in its default...

CVSS 9.1, AI score 7, EPSS 0.0025
Exploits: 1, References: 8