OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. OpenHarmony v5.1.0 and earlier versions have security vulnerabilities. These vulnerabilities stem from the use of incompatible types, which may allow local attackers to execute...

Serviio PRO 代码问题漏洞

Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a code vulnerability. This vulnerability stems from improper search paths and directory permissions in Windows services, which may allow local users to execute...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the system.run. An attacker can execute unauthorized local code by obtaining approval for a benign script-runner command, then rewriting the referenced script ...

OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Summary In affected versions of openclaw, node-host system.run approvals could display only an extracted shell payload such as jq --version while execution still ran a different outer wrapper argv such as ./env sh -c 'jq --version'. Impact This is an approval-integrity bug. An attacker who could...

GHSA-RW39-5899-8MXP OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Summary In affected versions of openclaw, node-host system.run approvals could display only an extracted shell payload such as jq --version while execution still ran a different outer wrapper argv such as ./env sh -c 'jq --version'. Impact This is an approval-integrity bug. An attacker who could...

EUVD-2019-19738

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...

CVE-2019-25467

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

CVE-2019-25485

A buffer overflow in the GUI Preferences language menu field of R 3.4.4 on Windows x64 allows local attackers to bypass DEP and ASLR, triggering a structured exception handler chain to execute arbitrary shellcode with application privileges. The vulnerability is local, requires a crafted payload ...

CVE-2019-25467

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...

CVE-2019-25466 Easy File Sharing Web Server 7.2 Local SEH Overflow

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

CVE-2019-25466

CVE-2019-25466 affects Easy File Sharing Web Server 7.2. A local structured exception handling (SEH) buffer overflow arises in the process of adding a new user account, triggered by a crafted username containing 4059 bytes of padding followed by an NSEH/SEH pointer. The vulnerability enables a lo...

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

EUVD-2025-208548

Improper input validation in the UEFI FlashUcAcmSmm module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local...

EUVD-2025-208553

Improper input validation in some UEFI firmware SMM module for the IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local...

EUVD-2025-208549

Improper input validation in the UEFI FlashUcAcmSmm module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local...

Easy File Sharing Web Server 缓冲区错误漏洞

Easy File Sharing Web Server is an open-source file sharing server developed by Easy File Server. Version 7.2 of Easy File Sharing Web Server contains a buffer error vulnerability, which stems from an issue with handling local structured data exceptions, leading to a buffer overflow. This...

Security Updates for Microsoft Office Products (March 2026) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the march-10-2026 advisory. - Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-26113 - Use after free in...

PT-2026-24764

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...