MiracleLinux 7 : binutils-2.27-44.0.1.base.el7.1.AXS7 (AXSA:2025-9812:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9812:01 advisory. - CVE-2025-0840: fix stack-buffer-overflow at objdump disassemblebytes CVEs: CVE-2025-0840 A vulnerability, which was classified as problematic, was found in...

CVE-2026-22781 TinyWeb CGI Command Injection

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...

CVE-2025-46066

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges...

Automai Director 安全漏洞

Automai Director is a centralized automation management console from Automai Corporation. A security vulnerability exists in Automai Director version 25.2.0, which can be exploited by a remote attacker to elevate privileges and gain access to sensitive information via a specially crafted js file...

CVE-2025-46066

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges...

PT-2026-2044

Name of the Vulnerable Software and Affected Versions Merit LILIN DVR/NVR models affected versions not specified Merit Lilin DH032 affected versions not specified Description An authenticated remote attacker can inject arbitrary OS commands on Merit LILIN DVR/NVR devices and execute them. This is...

ROS-20260112-7366

A vulnerability in the f2fs component of the Linux operating system kernel involves improper error handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-0840

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploi...

CVE-2026-0840 UTT 进取 520W formConfigNoticeConfig strcpy buffer overflow

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploi...

CVE-2026-0839 UTT 进取 520W APSecurity strcpy buffer overflow

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and...

CVE-2026-0839

CVE-2026-0839 affects UTT 进取 520W (firmware 1.7.7-180627). The vulnerability is a buffer overflow in the strcpy operation of the file /goform/APSecurity, exploitable via manipulation of the wepkey1 argument. Reported as exploitable from remote, with public exploit available. Affected component is...

CVE-2026-0837

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor...

PT-2026-2035

Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A flaw exists in the strcpy function within the /goform/APSecurity file. Manipulation of the wepkey1 argument can lead to a buffer overflow, potentially allowing for remote attacks. The exploit has...

CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

CVE-2025-69258

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations...

CVE-2025-15493

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2025-15493

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

CVE-2014-4190

Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300,...

CVE-2014-4942

The EasyCart wp-easycart plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function...