7 matches found
CVE-2026-40279
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...
CVE-2026-41503
Technical details about CVE-2026-41503 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2026-41475
Summary: CVE-2026-41475 affects the BACnet Stack library. Prior to version 1.4.3, the WritePropertyMultiple service decoder is vulnerable to an out-of-bounds read caused by wpm_decode_object_property() invoking the deprecated decode_tag_number_and_value() function, which performs no bounds checki...
PT-2026-35074
Name of the Vulnerable Software and Affected Versions BACnet Stack versions prior to 1.4.3 Description An out-of-bounds read exists in the WritePropertyMultiple service decoder. This occurs because the wpm decode object property function calls the deprecated decode tag number and value function,...
CVE-2025-66480
CVE-2025-66480 concerns Wildfire IM’s im-server, where the UploadFileAction (endpoint /fs) mishandles uploaded filenames. The writeFileUploadData logic directly concatenates the configured storage directory with the uploaded filename without stripping directory traversal sequences (e.g., ../../),...
CVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Material Design Icons for Page Builders Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ca964ff46b5b Credits...