4265 matches found

CVE
added 2026/04/05 8:45 p.m., 6 views

CVE-2019-25670

River Past Video Cleaner 7.6.3 is affected by a buffer overflow in the Lame_enc.dll field triggered via a crafted input, enabling local code execution through a structured exception handler (SEH) overwrite with ~280 bytes of padding and shellcode. This is a local/privilege‑requiring vulnerability...

CVSS 8.6, AI score 6.8, EPSS 0.0002
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2026/04/05 8:45 p.m., 2 views

CVE-2019-25670 River Past Video Cleaner 7.6.3 Buffer Overflow via SEH

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lameenc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception...

CVSS 8.6, AI score 6.8, EPSS 0.0002
Exploits 1, References 3

ATTACKERKB
added 2026/04/05 8:45 p.m., 2 views

CVE-2019-25670

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lameenc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception...

CVSS 8.6, AI score 6.8, EPSS 0.0002
Exploits 1, References 3, Affected Software 1

CNNVD
added 2026/04/05 12:0 a.m., 6 views

River Past Video Cleaner Buffer Error Vulnerability

River Past Video Cleaner is a software tool developed by River Past Corporation, designed for batch conversion and repair of video formats and timestamps. Version 7.6.3 of River Past Video Cleaner contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the...

CVSS 8.6, AI score 6.3, EPSS 0.0002
Exploits 1, References 3

CNNVD
added 2026/04/05 12:0 a.m., 4 views

RealTerm Serial Terminal Buffer Error Vulnerability

RealTerm Serial Terminal is a terminal tool software developed by Crun, which supports serial communication, data capture, and debugging. Version 2.0.0.70 of RealTerm Serial Terminal contains a buffer error vulnerability. This vulnerability stems from structured exception handling that leads to a...

CVSS 8.5, AI score 6.2, EPSS 0.00011
Exploits 1, References 4

Positive Technologies
added 2026/04/05 12:0 a.m., 2 views

PT-2026-30487

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain a...

CVSS 8.5, AI score 6.8, EPSS 0.00011
Exploits 1, References 5

EUVD
added 2026/04/04 3:30 p.m., 1 view

EUVD-2018-21754

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu t...

CVSS 8.6, AI score 6.5, EPSS 0.00007
Exploits 0, References 5

Cvelist
added 2026/04/04 1:51 p.m., 20 views

CVE-2018-25255 10-Strike LANState 8.8 Local Buffer Overflow SEH

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that...

CVSS 8.6, EPSS 0.00007
Exploits 0, References 4

CNNVD
added 2026/04/04 12:0 a.m., 4 views

SNES9k Buffer Error Vulnerability

SNES9k is a game emulator developed by darkadonis2. Version 0.0.9z of SNES9k contains a buffer error vulnerability, which stems from a buffer overflow in the Netplay Socket Port Number field. This vulnerability could allow local attackers to execute code by overwriting the structured exception...

CVSS 8.6, AI score 6.2, EPSS 0.00007
Exploits 0, References 4

CNNVD
added 2026/04/04 12:0 a.m., 5 views

10-Strike LANState Buffer Error Vulnerability

10-Strike LANState is a Windows network tool developed by the American company 10-Strike. It is used for network topology scanning, device visualization, and management. Version 8.8 of 10-Strike LANState contains a buffer error vulnerability. This vulnerability stems from improper handling of...

CVSS 8.6, AI score 6.6, EPSS 0.00007
Exploits 0, References 4

NVD
added 2026/04/02 6:16 p.m., 1 view

CVE-2026-34725

DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...

CVSS 8.2, EPSS 0.0001
Exploits 0, References 3

Cvelist
added 2026/04/02 6:2 p.m., 15 views

CVE-2026-34725 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...

CVSS 8.2, EPSS 0.0001
Exploits 0, References 3

ATTACKERKB
added 2026/04/02 6:2 p.m., 1 view

CVE-2026-34725

DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...

CVSS 8.2, AI score 6.2, EPSS 0.0001
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2026/04/02 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-35093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypas...

CVSS 8.8, AI score 5.8, EPSS 0.00023
Exploits 0, References 2

CNNVD
added 2026/04/02 12:0 a.m., 4 views

DbGate Code Injection Vulnerability

DbGate is an open-source database manager developed by DbGate. Versions of DbGate from 7.0.0 to 7.1.5 had a code injection vulnerability. This vulnerability occurred because SVG icon strings controlled by attackers were rendered as raw HTML without being cleaned properly, which could lead to...

CVSS 8.2, AI score 5.8, EPSS 0.0001
Exploits 0, References 3

OSV
added 2026/04/01 10:19 p.m., 2 views

GHSA-35XM-QVJG-8M42 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Summary: A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...

CVSS 8.2, AI score 6.3, EPSS 0.0001
Exploits 0, References 5

GitHub Security Blog
added 2026/03/31 12:31 p.m., 6 views

Duplicate Advisory: OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rw39-5899-8mxp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that display...

CVSS 8, AI score 6, EPSS 0.00021
Exploits 0, References 4, Affected Software 1

EUVD
added 2026/03/31 12:31 p.m., 3 views

EUVD-2026-17379

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

CVSS 7.3, AI score 6, EPSS 0.00021
Exploits 0, References 3

Vulnrichment
added 2026/03/31 11:17 a.m., 2 views

CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

CVSS 7.3, AI score 6, EPSS 0.00021
Exploits 0, References 2

Cvelist
added 2026/03/31 11:17 a.m., 21 views

CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

CVSS 7.3, EPSS 0.00021
Exploits 0, References 2