
17 matches found

ATTACKERKB
added 2026/06/02 4:59 p.m. · 11 views

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting (XSS) in the statically generated HTML files if the redirect location comes from an...

5.4 CVSS · 5.8 AI score · 0.00144 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2026/05/26 11:54 a.m. · 30 views

CVE-2026-8479

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable to a NULL pointer dereference if a specially crafted sequence of messages is sent for a certain time, causing a Denial of Service impact. The product is only affected if IEC 60870-5-104 functionality in bidirectional mode (BCI) is...

6.9 CVSS · 0.00164 EPSS
Exploits: 0 · References: 1
Cvelist
added 2026/03/26 8:1 p.m. · 19 views

CVE-2026-33537 Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (SSRF via Photo::fromUrl) contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3 CVSS · 0.0026 EPSS
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/09 8:42 a.m. · 7 views

CVE-2022-31164

Tovy is a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51...

7.5 CVSS · 6.6 AI score · 0.00525 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/12/09 5:19 p.m. · 3 views

EUVD-2025-202271

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7...

6.5 CVSS · 5.7 AI score · 0.00222 EPSS
Exploits: 0 · References: 2
OSV
added 2025/10/30 6:15 p.m. · 2 views

UBUNTU-CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with sync: true to read tar entry contents returns uninitialized memory contents if the tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

6.1 CVSS · 6.8 AI score · 0.0012 EPSS
Exploits: 0 · References: 6
Debian CVE
added 2025/10/30 5:50 p.m. · 7 views

CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with sync: true to read tar entry contents returns uninitialized memory contents if the tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

6.1 CVSS · 6.2 AI score · 0.0012 EPSS
Exploits: 0
OSV
added 2025/10/30 5:50 p.m. · 2 views

CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure

node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with sync: true to read tar entry contents returns uninitialized memory contents if the tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

6.1 CVSS · 6.7 AI score · 0.0012 EPSS
Exploits: 0 · References: 6
CNNVD
added 2024/10/24 12:0 a.m. · 2 views

One Identity Safeguard for Privileged Sessions Security Vulnerability

One Identity Safeguard for Privileged Sessions is a platform from US-based One Identity, Inc. that stores and manages sensitive credentials such as passwords, keys and other keys in a centralized, hardened vault. A security vulnerability exists in One Identity Safeguard for Privileged Sessions prior t...

5.3 CVSS · 7 AI score · 0.00151 EPSS
Exploits: 0 · References: 1
SUSE CVE
added 2023/03/15 3:34 a.m. · 2 views

SUSE CVE-2023-0950

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

7.3 CVSS · 7.3 AI score · 0.003 EPSS
Exploits: 0 · References: 7
OSV
added 2023/01/30 11:15 p.m. · 3 views

CVE-2022-32512

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS Versions prior to V7.5.1...

7.8 CVSS · 6.3 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2022/12/30 12:0 a.m. · 4 views

PT-2022-28141 · Unknown · Modbus Tools Modbus Slave

Name of the Vulnerable Software and Affected Versions: Modbus Tools Modbus Slave versions up to 7.5.1
Description: A critical issue has been found in the mbs File Handler component, specifically in the file mbslave.exe, leading to a buffer overflow. This can be exploited remotely. The issue affec...

7.8 CVSS · 7.3 AI score · 0.00589 EPSS
Exploits: 1 · References: 8
Circl
added 2022/09/19 8:38 p.m. · 3 views

CVE-2022-35701

creationtimestamp | type | source
---|---|---
2022-09-19 20:38:09+00:00 | seen | https://t.me/cibsecurity/50056...

7.8 CVSS · 7.4 AI score · 0.00336 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2022/06/14 12:0 a.m. · 4 views

PT-2022-3472 · Canbrass · Canbrass

Name of the Vulnerable Software and Affected Versions: CanBRASS versions prior to V7.5.1
Description: A memory buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. This issue is related to improper restriction of operatio...

7.8 CVSS · 8 AI score · 0.00261 EPSS
Exploits: 0 · References: 6
CNNVD
added 2021/06/29 12:0 a.m. · 3 views

Panasonic FPWIN Pro Code Issue Vulnerability

Panasonic FPWIN Pro is a controller programming software from Panasonic Corporation Japan. A code issue vulnerability exists in Panasonic FPWIN Pro 7.5.1.1 and earlier versions, which can be exploited by an attacker to disclose information that is accessible within the context of the user executi...

5.5 CVSS · 5.9 AI score · 0.00695 EPSS
Exploits: 0 · References: 4
OSV
added 2017/05/09 8:29 p.m. · 1 views

CVE-2017-5527

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...

6.5 CVSS · 5.8 AI score · 0.00921 EPSS
Exploits: 0 · References: 2
OSV
added 2016/06/08 2:59 p.m. · 1 views

CVE-2016-2027

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026...

7.5 CVSS · 5.8 AI score · 0.03652 EPSS
Exploits: 0 · References: 1