22083 matches found

NVD
added 2026/03/21 1:16 p.m. | 4 views

CVE-2019-25569

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of...

CVSS 6.9 | EPSS 0.0019
Exploits 1 | References 4

CVE
added 2026/03/21 12:47 p.m. | 9 views

CVE-2019-25569

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow in the Echo Port field. The vulnerability allows local attackers to crash the application by corrupting the SEH chain; a crafted input consisting of 268 padding bytes followed by SEH overwrite values pasted into the Port fie...

CVSS 6.9 | AI score 6.2 | EPSS 0.0019
Exploits 1 | References 4 | Affected Software 1

EUVD
added 2026/03/21 9:31 a.m. | 4 views

EUVD-2026-14242

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross-site scripting. Remote exploitation of the attack is...

CVSS 5.3 | AI score 4.2 | EPSS 0.00269
Exploits 0 | References 5

Cvelist
added 2026/03/21 7:2 a.m. | 30 views

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross-site scripting. Remote exploitation of the attack is...

CVSS 5.3 | EPSS 0.00269
Exploits 0 | References 4

CVE
added 2026/03/21 7:2 a.m. | 8 views

CVE-2026-4510

CVE-2026-4510 affects PbootCMS up to 3.2.12. The flaw exists in the Parameter Handler’s function alert_location within apps/home/controller/MemberController.php, where manipulating the backurl argument enables cross-site scripting. Remote exploitation is possible and an exploit has been made publ...

CVSS 5.3 | AI score 4.3 | EPSS 0.00269
Exploits 0 | References 4

NVD
added 2026/03/21 4:16 a.m. | 5 views

CVE-2026-1935

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the linkedincompanypostresethandler function hooked to adminpostresetlinkedincompanypost. This makes it possible for...

CVSS 4.3 | EPSS 0.00238
Exploits 0 | References 3

GitHub Security Blog
added 2026/03/21 3:31 a.m. | 7 views

Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...

CVSS 6.3 | AI score 5.7 | EPSS 0.0021
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/03/21 3:31 a.m. | 5 views

GHSA-86JJ-29WC-7Q2W Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...

CVSS 6.3 | AI score 5.7 | EPSS 0.0021
Exploits 0 | References 4

CVE
added 2026/03/21 3:26 a.m. | 5 views

CVE-2026-3546

The CVE concerns the WordPress plugin e-shot form builder (≤ v1.0.2). The vulnerable component is eshot_form_builder_get_account_data(), registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks capability checks (no current_user_can) and does not verify a no...

CVSS 5.3 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 5

Vulnrichment
added 2026/03/21 3:26 a.m. | 4 views

CVE-2026-1935 Company Posts for LinkedIn <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Deletion

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the linkedincompanypostresethandler function hooked to adminpostresetlinkedincompanypost. This makes it possible for...

CVSS 4.3 | AI score 5.8 | EPSS 0.00238
Exploits 0 | References 3

Cvelist
added 2026/03/21 12:42 a.m. | 20 views

CVE-2026-32050 OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

CVSS 6.3 | EPSS 0.0021
Exploits 0 | References 3

CVE
added 2026/03/21 12:42 a.m. | 10 views

CVE-2026-32050

OpenClaw is affected in versions prior to 2026.2.25. The vulnerability arises in signal reaction notification handling, where an access control failure allows unauthorized senders to enqueue status events before authorization checks are applied. Specifically, the reaction-only event path in event...

CVSS 6.3 | AI score 5.8 | EPSS 0.0021
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2026/03/21 12:0 a.m. | 6 views

D-Link DHP-1320 security vulnerability

The D-Link DHP-1320 is a powerline wireless extender produced by D-Link Corporation. The D-Link DHP-1320 version 1.00WWB04 contains a security vulnerability. This vulnerability stems from a stack-based buffer overflow in the REDIRECTCOUNTDOWNPAGE function of the SOAP Handler component, which may...

CVSS 9 | AI score 7.9 | EPSS 0.0065
Exploits 1 | References 5

CNNVD
added 2026/03/21 12:0 a.m. | 4 views

ApiFlow code issue vulnerability

ApiFlow is an open-source API development collaboration platform developed by ApiFlow. Version 0.9.7 of ApiFlow contains a code vulnerability. This vulnerability stems from a server-side request forgery issue in the validateUrlSecurity function within the URL Validation Handler component’s...

CVSS 7.5 | AI score 7.5 | EPSS 0.003
Exploits 0 | References 4

Positive Technologies
added 2026/03/21 12:0 a.m. | 7 views

PT-2026-26858

Name of the Vulnerable Software and Affected Versions: e-shot form builder plugin for WordPress versions up to and including 1.0.2. Description: The e-shot form builder plugin for WordPress is susceptible to exposure of sensitive information. The eshot_form_builder_get_account_data function,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 9

Positive Technologies
added 2026/03/21 12:0 a.m. | 3 views

PT-2026-26914

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of...

CVSS 6.9 | AI score 6.2 | EPSS 0.0019
Exploits 1 | References 5

Positive Technologies
added 2026/03/21 12:0 a.m. | 5 views

PT-2026-26883

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross-site scripting. Remote exploitation of the attack is...

CVSS 5.3 | AI score 4.3 | EPSS 0.00269
Exploits 0 | References 5

OSV
added 2026/03/20 9:35 p.m. | 4 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4 | AI score 5.9 | EPSS 0.0027
Exploits 1 | References 3

Snyk
added 2026/03/20 8:43 p.m. | 3 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path through the /appearance/filepath file-serving handler in kernel/server/serve.go. An attacker can read arbitrary files accessible to the server process by requesting crafted ../ paths. Notes -...

CVSS 8.7 | AI score 6.5 | EPSS 0.03256
Exploits 1 | References 3

Anthropic
added 2026/03/20 7:13 p.m. | 10 views

ANT-2026-HY56VRSB · nginx · Heap

heap-buffer-overflow high CVE-2026-27654 Severity Claude high · Security research firm - · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Calif. ANT-2026-HY56VRSB: Heap buffer overflow in...

CVSS 8.8 | AI score 6 | EPSS 0.07865
Exploits 0