CVE-2019-25327 Prime95 Version 29.8 build 6 - Buffer Overflow (SEH)

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

CVE-2019-25327 Prime95 Version 29.8 build 6 - Buffer Overflow (SEH)

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

CVE-2019-25318

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button ...

CVE-2019-25319 Domain Quester Pro 6.02 - Stack Overflow (SEH)

Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation...

CVE-2019-25318 AVS Audio Converter 9.1.2.600 - Stack Overflow

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button ...

CVE-2019-25318 AVS Audio Converter 9.1.2.600 - Stack Overflow

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button ...

CVE-2019-25318

The CVE describes a stack overflow in AVS Audio Converter 9.1.2.600 triggered by manipulating the output folder text input. A crafted payload can overwrite stack memory and execute arbitrary code, resulting in a bind shell on port 9999 when the Browse button is clicked. No remediation details are...

CVE-2019-25319

Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation...

CVE-2019-25319 Domain Quester Pro 6.02 - Stack Overflow (SEH)

Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

CVE-2026-26068

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

CVE-2026-25933

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVE-2026-25933

The vulnerability CVE-2026-25933 affects Arduino App Lab prior to 0.4.0. The Terminal component fails to sanitize/validate _info.Serial and _info.Address data from connected hardware, allowing specially crafted strings to execute as the user when a tampered board is used. Exploitation requires ph...

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVE-2026-25933

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVE-2026-2248

METIS WIC devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root UID 0 privileges. This results in full system compromis...