
252289 matches found

F5 Networks
added 2026/05/25 1:54 p.m., 25 views

K000161415: Craft CMS vulnerability CVE-2025-32432

Security Advisory Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is ...

10 CVSS, 7.7 AI score, 0.99803 EPSS
Exploits 14

GithubExploit
added 2026/05/25 12:11 p.m., 93 views

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

Disclaimer The code and materials contained in this repository...

9.8 CVSS, 7.6 AI score, 0.61725 EPSS
Exploits 8

GithubExploit
added 2026/05/25 12:6 p.m., 112 views

Exploit for CVE-2026-42945

CVE-2026-42945-Nginx-RCE-bypass-ASLR CVE-202...

9.2 CVSS, 6.7 AI score, 0.61469 EPSS
Exploits 39

Vulnrichment
added 2026/05/25 12:0 p.m., 7 views

CVE-2026-9456 Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The...

10 CVSS, 7 AI score, 0.01909 EPSS
Exploits 0, References 5

RedhatCVE
added 2026/05/25 11:24 a.m., 21 views

CVE-2026-42046

A flaw was found in libcaca, a colour ASCII art library. An integer overflow vulnerability in the canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write by supplying a specially crafted file in the "caca" format. This heap overflow can lead to memory...

7.8 CVSS, 6.1 AI score, 0.00223 EPSS
Exploits 0, References 2

OSV
added 2026/05/25 10:58 a.m., 7 views

USN-8300-1 ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

7.5 CVSS, 5.9 AI score, 0.00579 EPSS
Exploits 1, References 2

Ubuntu
added 2026/05/25 10:58 a.m., 15 views

USN-8300-1: ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

7.5 CVSS, 5.9 AI score, 0.00579 EPSS
Exploits 1

RedhatCVE
added 2026/05/25 10:43 a.m., 13 views

CVE-2026-9277

A flaw was found in the shell-quote component. The quote function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpre...

9.2 CVSS, 6.2 AI score, 0.00623 EPSS
Exploits 1, References 7

GithubExploit
added 2026/05/25 10:32 a.m., 80 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2shell A Python 2.7 exploit for CVE-2...

10 CVSS, 7.4 AI score, 0.99562 EPSS
Exploits 370

GithubExploit
added 2026/05/25 10:10 a.m., 82 views

Exploit for CVE-2026-38427

CVE-2026-38427: Integer Wraparound → Heap Buffer Overflow in T...

5.8 AI score, 0.00458 EPSS
Exploits 1

GithubExploit
added 2026/05/25 10:9 a.m., 92 views

Exploit for CVE-2026-38422

CVE-2026-38422: Remote Code Execution via Combined Buffer Over...

5.9 AI score, 0.00813 EPSS
Exploits 2

OSSF Malicious Packages
added 2026/05/25 9:58 a.m., 12 views

Malicious code in authcascade (npm)

Source: amazon-inspector 8fece3d89e066c6c3452fda608e77747b7d4fa4cbbf6498fd41e5a5a765d57d9 On require'authcascade', the package's main entry pino.js loads lib/writer.js which builds a data object containing the full process.env, OS...

6.4 AI score
Exploits 0, References 3

OSV
added 2026/05/25 9:58 a.m., 11 views

MAL-2026-4491 Malicious code in authcascade (npm)

Source: amazon-inspector 8fece3d89e066c6c3452fda608e77747b7d4fa4cbbf6498fd41e5a5a765d57d9 On require'authcascade', the package's main entry pino.js loads lib/writer.js which builds a data object containing the full process.env, OS...

6.5 AI score
Exploits 0, References 3

OSV
added 2026/05/25 9:8 a.m., 8 views

MAL-2026-4511 Malicious code in chai-as-patch (npm)

Source: amazon-inspector c0f6b316992ec48b2d29d234f9debebcf239653a2371d54ab9f6e487c4fdba7b This package is a typosquat of chai-as-promised that delivers remote code execution to any installer that requires it and invokes the exported...

6.5 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2026/05/25 9:8 a.m., 11 views

Malicious code in chai-as-patch (npm)

Source: amazon-inspector c0f6b316992ec48b2d29d234f9debebcf239653a2371d54ab9f6e487c4fdba7b This package is a typosquat of chai-as-promised that delivers remote code execution to any installer that requires it and invokes the exported...

6.5 AI score
Exploits 0, References 1

GithubExploit
added 2026/05/25 4:38 a.m., 74 views

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 - GitHub Enterprise Server that allowed an Remot...

8.8 CVSS, 6.5 AI score, 0.24462 EPSS
Exploits 5

Japan Vulnerability Notes
added 2026/05/25 2:39 a.m., 17 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevati...

8.8 CVSS, 7 AI score, 0.04491 EPSS
Exploits 8, References 43

GithubExploit
added 2026/05/25 1:17 a.m., 75 views

Exploit for CVE-2026-36239

CVE-2026-36239 CVE-2026-36239: Authenticated RCE in PbootCMS v...

6.4 AI score, 0.00312 EPSS
Exploits 1

Tenable Nessus
added 2026/05/25 12:0 a.m., 13 views

Alibaba Cloud Linux 3 : 0132: gimp:2.8 (ALINUX3-SA-2026:0132)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0132 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4150: GIMP PSD File Parsing Integ...

7.8 CVSS, 6.5 AI score, 0.00647 EPSS
Exploits 1, References 5

Tenable Nessus
added 2026/05/25 12:0 a.m., 9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Evince vulnerability (USN-8295-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8295-1 advisory. It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially...

8.4 CVSS, 5.7 AI score, 0.00555 EPSS
Exploits 0, References 2