Lucene search

2051 matches found

Snyk
added 2026/04/06 12:30 a.m., 2 views

Arbitrary Command Injection

Overview: @elgentos/magento2-dev-mcp is a Magento 2 Development MCP Server for AI agents - provides cache management, module tools, and system diagnostics. Affected versions of this package are vulnerable to Arbitrary Command Injection via the executeMagerun2Command function. An attacker can execut...

5.3 CVSS, 6.3 AI score, 0.00812 EPSS
Exploits: 0, References: 2

NVD
added 2026/04/03 7:16 a.m., 5 views

CVE-2026-5455

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...

4.8 CVSS, 0.00106 EPSS
Exploits: 0, References: 4

CVE
added 2026/04/03 7:00 a.m., 23 views

CVE-2026-5458

CVE-2026-5458 affects Noelse Individuals & Pro App up to v2.1.7 on Android. The vulnerability references an issue in the file path com/reactnative/antelop/BuildConfig.java within the component com.afone.noelse, where manipulation of the argument SEGMENT_WRITE_KEY results in the use of a hard-code...

4.8 CVSS, 5.4 AI score, 0.00144 EPSS
Exploits: 0, References: 4

EUVD
added 2026/04/03 6:31 a.m., 6 views

EUVD-2026-18577

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key. The attack can only be executed locally. Th...

4.8 CVSS, 5.4 AI score, 0.00144 EPSS
Exploits: 0, References: 5

CVE
added 2026/04/03 6:15 a.m., 17 views

CVE-2026-5456

The CVE-2026-5456 entry affects Align Technology My Invisalign App 3.12.4 on Android, targeting the component com.aligntech.myinvisalign.emea via the file path com/aligntech/myinvisin.../BuildConfig.java (unknown function). The vulnerability arises from manipulation of the argument CDAACCESS_TOKE...

4.8 CVSS, 5.5 AI score, 0.00105 EPSS
Exploits: 0, References: 4

NVD
added 2026/04/03 5:16 a.m., 12 views

CVE-2026-5453

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads ...

4.8 CVSS, 0.00141 EPSS
Exploits: 0, References: 4

CVE
added 2026/04/03 4:30 a.m., 10 views

CVE-2026-5453

Summary: CVE-2026-5453 affects the Android app “Rico só vantagem pra investir” up to version 4.58.32.12421. The vulnerability concerns the component br.com.rico.mobile SegmentSettingsModule.java, where manipulation of the argument SEGMENT_WRITE_KEY leads to use of a hard-coded cryptographic key. ...

4.8 CVSS, 5.3 AI score, 0.00141 EPSS
Exploits: 0, References: 4

EUVD
added 2026/04/01 6:36 p.m., 2 views

EUVD-2026-17966

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key. The attack must be carried out locally. This attack is characterized by high complexity...

2.5 CVSS, 5.2 AI score, 0.00099 EPSS
Exploits: 0, References: 7

NVD
added 2026/03/29 9:15 a.m., 5 views

CVE-2026-5037

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...

4.8 CVSS, 0.00128 EPSS
Exploits: 0, References: 7

CVE
added 2026/03/29 8:45 a.m., 25 views

CVE-2026-5037

CVE-2026-5037 affects mxml up to 4.0.4, specifically the mxmlIndexNew component in mxml-index.c. The issue is a stack-based buffer overflow triggered by manipulating the tempr argument, with exploitation restricted to local execution. Public exploit details exist and a patch identified by the has...

4.8 CVSS, 6.2 AI score, 0.00128 EPSS
Exploits: 0, References: 7

CVE
added 2026/03/28 11:58 a.m., 6 views

CVE-2016-20044

CVE-2016-20044 concerns PInfo 0.6.9-5.1, where a local buffer overflow via the -m parameter allows a local attacker to execute arbitrary code. The advisory describes crafting input with 564 bytes of padding followed by a return address to overwrite the instruction pointer and run shellcode with t...

8.6 CVSS, 6.4 AI score, 0.00241 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2026/03/28 9:15 a.m., 35 views

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8 CVSS, 0.00144 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/03/28 9:15 a.m., 2 views

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8 CVSS, 5.2 AI score, 0.00144 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/03/28 12:00 a.m., 6 views

PT-2026-28258

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the...

8.6 CVSS, 6.6 AI score, 0.00194 EPSS
Exploits: 1, References: 4

CNNVD
added 2026/03/28 12:00 a.m., 7 views

EKG Gadu Buffer Error Vulnerability

EKG Gadu is a multi-protocol instant messaging client software developed by EKG Corporation. In versions EKG Gadu 1.9–pre+r2855-3+b1, there was a buffer error vulnerability. This vulnerability stemmed from local buffer overflows in username processing, which could allow local attackers to execute...

8.6 CVSS, 6.4 AI score, 0.0015 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/03/28 12:00 a.m., 9 views

MAME Buffer Error Vulnerability

MAME is an open-source software simulation platform for running arcade games and historical computer systems. Version 0.154-3.1 of MAME contains a buffer error vulnerability, which stems from a buffer overflow in the handling of the gamma parameter. This vulnerability could allow local attackers ...

8.6 CVSS, 6.3 AI score, 0.00147 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/03/26 3:18 p.m., 4 views

CVE-2026-3964

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

5.3 CVSS, 5.6 AI score, 0.00779 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/25 9:44 p.m., 3 views

CVE-2026-4823 Enter Software Iperius Backup NTLM2 information disclosure

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...

2.5 CVSS, 5.1 AI score, 0.00131 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2026/03/24 11:27 a.m., 3 views

CVE-2019-25634 Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

8.6 CVSS, 6.6 AI score, 0.00262 EPSS
Exploits: 1, References: 4

CVE
added 2026/03/24 11:27 a.m., 12 views

CVE-2019-25629

AIDA64 Extreme 5.99.4900 is affected by a structured exception handler (SEH) buffer overflow in the logging functionality. The vulnerability allows local code execution by supplying a malicious CSV log file path; an attacker can inject shellcode via the Hardware Monitoring logging preferences, tr...

8.6 CVSS, 6.8 AI score, 0.00217 EPSS
Exploits: 1, References: 4, Affected Software: 1