10 matches found
CVE-2026-47069
CVE-2026-47069 describes a CRLF Injection in the Hackney library. The vulnerability arises from hackney_cookie:setcookie/3: Name/Value are checked for CRLF, but the domain and path options are concatenated into the output iolist without validation. An attacker controlling either option (e.g., Hos...
Calibre-Web Automated Security Vulnerability
Calibre-Web Automated is a self-hosted digital library management tool developed by the individual developer CrocodileStick. Versions of Calibre-Web Automated prior to 4.0.6 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the generateauthtoken functi...
Siemens SINEC NMS Code Issue Vulnerability
Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...
Genealogy Cross-Site Scripting Vulnerability
Genealogy is a genealogy PHP application developed by the individual developer KREAWEB.be. Genealogy versions prior to 4.4.0 contain a reflected cross-site scripting vulnerability that could lead to session hijacking and data theft...
PT-2024-26926 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0; OpenHarmony version 4.0.0. Description: The issue allows a remote attacker to execute arbitrary code in pre-installed apps through out-of-bounds read and write. Recommendations: For OpenHarmony versions prio...
PT-2022-17576 · Czproject · Gitphp
Name of the Vulnerable Software and Affected Versions: czproject/git-php versions prior to 4.0.3. Description: The issue allows for Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to th...
CVE-2020-5536
OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors...
Samba Denial of Service Vulnerability (CNVD-2018-06396)
Samba is free software developed by the Samba team that lets UNIX-like operating systems interoperate with Microsoft Windows operating systems over the SMB/CIFS network protocol. It supports sharing printers, transferring data files between systems, and so on. A security...
CVE-2016-2846
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors...
PT-2005-3554 · Openssh +2 · Openssh +2
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 4.0. Description: The issue allows an attacker that has compromised an SSH user's account to more easily generate a list of additional targets that are more likely to have the same password or key. This is because...