Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-40279

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

3.7CVSS5.5AI score0.00242EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 7:41 p.m.36 views

CVE-2026-41503

Technical details about CVE-2026-41503 are not publicly available in the provided documents. Monitor for updates from official advisories.

8.7CVSS5.7AI score0.00415EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/04/24 7:39 p.m.50 views

CVE-2026-41475

Summary: CVE-2026-41475 affects the BACnet Stack library. Prior to version 1.4.3, the WritePropertyMultiple service decoder is vulnerable to an out-of-bounds read caused by wpm_decode_object_property() invoking the deprecated decode_tag_number_and_value() function, which performs no bounds checki...

9.1CVSS5.7AI score0.00482EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35074

Name of the Vulnerable Software and Affected Versions BACnet Stack versions prior to 1.4.3 Description An out-of-bounds read exists in the WritePropertyMultiple service decoder. This occurs because the wpm decode object property function calls the deprecated decode tag number and value function,...

8.7CVSS5.6AI score0.00482EPSS
Exploits1References4
CVE
CVE
added 2026/02/02 9:33 p.m.13 views

CVE-2025-66480

CVE-2025-66480 concerns Wildfire IM’s im-server, where the UploadFileAction (endpoint /fs) mishandles uploaded filenames. The writeFileUploadData logic directly concatenates the configured storage directory with the uploaded filename without stripping directory traversal sequences (e.g., ../../),...

9.8CVSS5.8AI score0.01395EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 2:45 p.m.5 views

CVE-2025-15523

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

4.8CVSS5.6AI score0.00146EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/01/27 12:0 a.m.8 views

WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Material Design Icons for Page Builders Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ca964ff46b5b Credits...

6.5CVSS5.8AI score0.00383EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder