2051 matches found
Arbitrary Command Injection
Overview @elgentos/magento2-dev-mcp is a Magento 2 Development MCP Server for AI agents - provides cache management, module tools, and system diagnostics Affected versions of this package are vulnerable to Arbitrary Command Injection via the executeMagerun2Command function. An attacker can execut...
CVE-2026-5455
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...
CVE-2026-5458
CVE-2026-5458 affects Noelse Individuals & Pro App up to v2.1.7 on Android. The vulnerability references an issue in the file path com/reactnative/antelop/BuildConfig.java within the component com.afone.noelse, where manipulation of the argument SEGMENT_WRITE_KEY results in the use of a hard-code...
EUVD-2026-18577
A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...
CVE-2026-5456
The CVE-2026-5456 entry affects Align Technology My Invisalign App 3.12.4 on Android, targeting the component com.aligntech.myinvisalign.emea via the file path com/aligntech/myinvisin.../BuildConfig.java (unknown function). The vulnerability arises from manipulation of the argument CDAACCESS_TOKE...
CVE-2026-5453
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...
CVE-2026-5453
Summary: CVE-2026-5453 affects the Android app “Rico só vantagem pra investir” up to version 4.58.32.12421. The vulnerability concerns the component br.com.rico.mobile SegmentSettingsModule.java, where manipulation of the argument SEGMENT_WRITE_KEY leads to use of a hard-coded cryptographic key. ...
EUVD-2026-17966
A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...
CVE-2026-5037
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...
CVE-2026-5037
CVE-2026-5037 affects mxml up to 4.0.4, specifically the mxmlIndexNew component in mxml-index.c. The issue is a stack-based buffer overflow triggered by manipulating the tempr argument, with exploitation restricted to local execution. Public exploit details exist and a patch identified by the has...
CVE-2016-20044
CVE-2016-20044 concerns PInfo 0.6.9-5.1, where a local buffer overflow via the -m parameter allows a local attacker to execute arbitrary code. The advisory describes crafting input with 564 bytes of padding followed by a return address to overwrite the instruction pointer and run shellcode with t...
CVE-2026-4993 wandb OpenUI config.py hard-coded credentials
A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...
CVE-2026-4993 wandb OpenUI config.py hard-coded credentials
A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...
PT-2026-28258
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the...
EKG Gadu 缓冲区错误漏洞
EKG Gadu is a multi-protocol instant messaging client software developed by EKG Corporation. In versions EKG Gadu 1.9–pre+r2855-3+b1, there was a buffer error vulnerability. This vulnerability stemmed from local buffer overflows in username processing, which could allow local attackers to execute...
MAME 缓冲区错误漏洞
MAME is an open-source software simulation platform for running arcade games and historical computer systems. Version 0.154-3.1 of MAME contains a buffer error vulnerability, which stems from a buffer overflow in the handling of the gamma parameter. This vulnerability could allow local attackers ...
CVE-2026-3964
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
CVE-2026-4823 Enter Software Iperius Backup NTLM2 information disclosure
A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...
CVE-2019-25634 Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...
CVE-2019-25629
AIDA64 Extreme 5.99.4900 is affected by a structured exception handler (SEH) buffer overflow in the logging functionality. The vulnerability allows local code execution by supplying a malicious CSV log file path; an attacker can inject shellcode via the Hardware Monitoring logging preferences, tr...