687 matches found
CVE-2026-3407 YosysHQ yosys BLIF File rtlil.h set heap-based overflow
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...
EUVD-2026-9140
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...
OpenClaw Cross-Site Request Forgery Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a cross-site request forgery vulnerability that stems from a browser-oriented local host change route accepting cross-domain browser requests without explicit Origin/Referer validation, which can be...
CVE-2026-3386
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wrencompiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The...
CVE-2026-3386 wren-lang wren wren_compiler.c emitOp out-of-bounds
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wrencompiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The...
GHSA-7777-FHQ9-592V ZITADEL has potential SSRF via Actions
Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...
CVE-2026-27945
ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...
CVE-2026-27945 ZITADEL has potential SSRF via Actions
ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...
CVE-2026-27945
CVE-2026-27945 affects Zitadel Action V2/3.x leading to potential SSRF via Action target URLs that point to local hosts/IPs. The issue: Action endpoints may be able to gather internal network information or reach internal services when the target URL is local, potentially exposing internal topolo...
CVE-2026-27945 ZITADEL has potential SSRF via Actions
ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...
CVE-2026-27945
ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...
EUVD-2026-8685
esm.sh has SSRF localhost/private-network bypass in /https module route...
Exploit for Command Injection in Microsoft
CVE-2025-54100-BYPASS- CVE-2025-54100 POC "simple" Bypass Patc...
OpenClaw 跨站请求伪造漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a cross-site request forgery vulnerability that stems from a browser-oriented local host change route accepting cross-domain browser requests without explicit Origin/Referer validation, which can be...
CVE-2026-2641
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...
CVE-2026-2641
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...
EUVD-2026-6120
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. Thi...
CVE-2026-2542
CVE-2026-2542 affects Total VPN 0.5.29.0 on Windows, where an unknown functionality in C:\Program Files\Total VPN\win-service.exe can be manipulated to yield an unquoted search path. This results in a local attack nameable as a path ambiguity issue. The vulnerability is described as high severity...
PT-2026-8316
Name of the Vulnerable Software and Affected Versions Total VPN version 0.5.29.0 Description A security issue exists in Total VPN 0.5.29.0 on Windows related to an unquoted search path within the file C:Program FilesTotal VPNwin-service.exe. This can lead to potential local privilege escalation...
Siemens S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-7546)
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...