2463 matches found
CVE-2019-25477
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration...
CVE-2019-25477 RAR Password Recovery 1.80 Denial of Service Buffer Overflow
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration...
PT-2026-24774
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration...
Top Password RAR Password Recovery Buffer Error Vulnerability
Top Password RAR Password Recovery is a compression file password recovery tool developed by Top Password Corporation. Version 1.80 of Top Password RAR Password Recovery contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the registration dialog box, which...
WinMPG iPod Convert Buffer Error Vulnerability
WinMPG iPod Convert is a video format conversion tool developed by WinMPG Corporation in the United States. Version 3.0 of WinMPG iPod Convert contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the registration dialog box, which could allow local attackers t...
PT-2026-24778
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
Arbitrary Code Execution
Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...
[SECURITY] Fedora 42 Update: opensips-3.5.9-2.fc42
OpenSIPS or Open SIP Server is a very fast and flexible SIP RFC3261 proxy server. Written entirely in C, opensips can handle thousands of calls per second even on low-budget hardware. A C Shell-like scripting language provides full control over the server's behaviour. Its modular architecture allow...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
Exploit for Code Injection in Anthropic Claude_Code
CVE-2025-59536 - the startup trust dialog implementation. Clau...
PT-2026-22927
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
CVE-2025-70342: erase-install prior to v40.4 (commit 2c31239) writes swiftDialog credential output to a hardcoded path (/var/tmp/dialog.json), enabling an unauthenticated attacker to intercept admin credentials during reinstall/erase operations by creating a named pipe. This document provides the...
CVE-2026-0020
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
OpenClaw has an unspecified vulnerability (CNVD-2026-13375)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that the confirmation dialog box for openclaw://agent deep links only displays the first 240 characters of the message but executes the full message,...
Exploit for CVE-2025-70342
CVE-2025-70342: Credential Interception via Named Pipe in eras...
DRUPAL-CONTRIB-2026-011
This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...
CVE-2026-2914
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs...
PT-2026-22082
Name of the Vulnerable Software and Affected Versions: Drupal Material Icons versions prior to 2.0.4. Description: The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in ma...
CyberArk Endpoint Privilege Manager Agent Security Vulnerability
CyberArk Endpoint Privilege Manager Agent is a security software for managing terminal privileges developed by the Israeli company CyberArk. Versions of CyberArk Endpoint Privilege Manager Agent prior to 25.10.0 contain security vulnerabilities. These vulnerabilities stem from defects in the...