2128 matches found
Hoverfly < 1.10.3 - Arbitrary File Read
Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-8314
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the siman.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-8312
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the expmt.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-8313
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the linker.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-8085
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the model.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-8314
CVE-2026-8314 affects Rockwell Automation Arena Simulation’s siman.exe component. The issue is a memory corruption/out-of-bounds write caused by inadequate validation of user-supplied data, enabling code execution in the user’s context when a malicious file is opened. The CVSS v4.0 score is 7.0 (...
CVE-2026-8312
The CVE-2026-8312 entry concerns Arena® Simulation’s expmt.exe (Siman) component. It describes a memory corruption vulnerability caused by improper validation of user-supplied data, leading to an out-of-bounds write. The documented impact is arbitrary code execution in the context of the current ...
CVE-2026-8085
The CVE concerns Arena® Simulation, specifically memory corruption in the model.exe (Siman) component caused by improper validation of user-supplied data, leading to an out-of-bounds write. Exploitation could allow arbitrary code execution in the context of the current process when a user opens a...
PT-2026-58019
Name of the Vulnerable Software and Affected Versions Arena Simulation affected versions not specified Description An issue exists in the model.exe Siman component where improper validation of user-supplied data leads to memory corruption via an out-of-bounds write. This occurs when the software...
PT-2026-58020
Name of the Vulnerable Software and Affected Versions Arena Simulation affected versions not specified Description A memory corruption issue exists in the expmt.exe Siman component. The flaw is caused by improper validation of user-supplied data, leading to an out-of-bounds write, which occurs wh...
PT-2026-58022
Name of the Vulnerable Software and Affected Versions Arena Simulation affected versions not specified Description A memory corruption issue exists in the siman.exe Siman component. The flaw is caused by improper validation of user-supplied data, leading to an out-of-bounds write, which occurs wh...
EUVD-2026-38958
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ldabs,ind failure path analysis in subprogs Usage of ldabs,ind instructions got extended into subprogs some time ago via commit 09b28d76eac4 "bpf: Add abnormal return checks.". These are only allowed in subprograms when...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Proper initialization of work context pointers Proper initialization of the pointers to the ops member by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise, the pointers may...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: vhost: The bound check for the vdpa group has been moved to vhostvdpa. Duplication has been eliminated by consolidating these changes. This reduces the possibility that a parent driver may miss these checks. Additionally, we...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Net: Consume xmit errors of GSO frames. udpgrofrglist.sh and udpgrobench.sh are the most flaky tests currently in NIPA. They fail in exactly the same way. The TCP GRO test occasionally stalls, and the test terminates after 10...
Cyber-Arena
CyberArena - Cybersecurity Challenge Platform CyberArena is a...
MARCIM-WG: A Cyber Wargame Proposal Based on Math Modeling Applied in a Naval Scenario
As maritime operations increasingly depend on interconnected digital ecosystems, cyber incidents can propagate across maritime networks and degrade critical services. Strengthening strategic Cyber Situational Awareness CSA therefore requires training mechanisms that expose decision-makers to...
When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems
Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planningmay significantly increase the rate at which latent vulnerabilities are discovered. While improved discovery can benefit defenders, it can also overload remediation pipelines and accelerate...
EUVD-2026-34915
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...