8605 matches found
PT-2026-27694
In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie fwlog deinit function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: 148.576156 Oops: Oops: 0000 1 SMP...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Sensitive Information Exposure
github.com/coder/coder/v2 is vulnerable to Sensitive Information Exposure. The vulnerability is due to logging of Workspace Agent manifests containing sensitive values in plaintext without sanitization, which allows an attacker with access to logs to retrieve confidential information...
EUVD-2019-19998
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
CVE-2019-25629
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
CVE-2019-25629 AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
CVE-2019-25629
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
CVE-2019-25629 AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
CVE-2019-25629
AIDA64 Extreme 5.99.4900 is affected by a structured exception handler (SEH) buffer overflow in the logging functionality. The vulnerability allows local code execution by supplying a malicious CSV log file path; an attacker can inject shellcode via the Hardware Monitoring logging preferences, tr...
PT-2026-27591
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.7 iPadOS versions prior to 18.7.7 iOS versions prior to 26.4 iPadOS versions prior to 26.4 macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 visionOS...
FinalWire AIDA64 Extreme 缓冲区错误漏洞
FinalWire AIDA64 Extreme is a diagnostic software developed by FinalWire Corporation, designed for system information detection, hardware monitoring, and performance testing. Version 5.99.4900 of FinalWire AIDA64 Extreme contains a buffer error vulnerability. This vulnerability stems from a...
PT-2026-27363
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
PT-2026-27555
Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.7.5 macOS versions prior to 14.8.5 macOS versions prior to 26.4 Description A logging issue allowed potential access to sensitive user data by applications. The issue was resolved through improved data redaction...
CVE-2026-33690
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-base...
CVE-2026-33690 AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-base...
CVE-2026-33690 AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-base...
CVE-2026-33690
WWBN AVideo (open source video platform) versions up to 26.0 contain a vulnerability in getRealIpAddr() in objects/functions.php that trusts user-controlled HTTP headers to derive the client IP. An attacker can spoof their IP by sending forged headers, potentially bypassing IP-based access contro...
websec-audit
🔐 websec-audit Professional Web Security Audit Framework...
📄 Starlink DNS Rebinding
This python script implements a DNS rebinding attack targeting Starlink infrastructure CVE-2023-52235. ================================================================================================================================== | Title : Starlink DNS Rebinding Exploit | | Author : indoushka...
EUVD-2019-19952
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...