CVE-2026-8686

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1...

CVE-2026-8686 DoS from MQTT v5.0 Deserialization Fault in core MQTT

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1...

coreMQTT Client Library 缓冲区错误漏洞

The coreMQTT Client Library is a lightweight client communication library developed under the FreeRTOS open source project. Versions of the coreMQTT Client Library prior to 5.0.1 contained a buffer error vulnerability. This vulnerability stems from the lack of boundary validation in the MQTT v5.0...

PT-2026-41372

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1...

PT-2026-21894

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ays block' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 5.0.1...

PT-2026-7272

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 5.0.0 through 5.0.1 Fortinet FortiSandbox versions 4.4.0 through 4.4.7 Fortinet FortiSandbox version 4.2 Fortinet FortiSandbox version 4.0 Description An Improper Neutralization of Input During Web Page Generatio...

CVE-2019-12388

Anviz access control devices perform cleartext transmission of sensitive information passwords/pins and names when replying to query on port tcp/5010...

CVE-2025-67560

Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through = 5.0.1...

CVE-2025-67560

Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through = 5.0.1...

PT-2025-49934

CVE-2025-67560 Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom… https://t.co/4pTz1t1R85...

JLSEC-2025-119 An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729...

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729parse in llibavcodec/g729parser.c when processing a specially crafted file...

EUVD-2025-32431

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...

EUVD-2025-32322

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...

CVE-2025-33034 Qsync Central

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

CVE-2025-59143

color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

Exploit for Path Traversal in Thecartpress Thecartpress_Ecommerce_Shopping_Cart

This is a PoC exploit for CVE-2015-3301, a vulnerability in the Stagefright media library that allows for remote code execution on Android devices. The exploit, called Metaphor, is designed to bypass Address Space Layout Randomization ASLR and execute arbitrary code on the device. The exploit...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a null pointer dereference in the PDF Preview module, and can ...

CVE-2022-50104

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xivegetmaxprio offindnodebypath returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

VulnCheck KEV: CVE-2024-31839

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component...