2840 matches found
CVE-2026-30613
An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...
PT-2026-30563
A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed equip report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the attack remotel...
PT-2026-29329
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the CapSoftwareVersion.DecodeFromBytes function. An attacker can cause a denial of service by remotely manipulating the data argument to trigger an off-by-one error. Remediation Upgrade...
CVE-2019-25655
Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing...
[SECURITY] Fedora 42 Update: htslib-1.23.1-1.fc42
HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools...
CVE-2025-55272
HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks...
PT-2026-28546
Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions prior to 4.16.0 Description Gematik Authenticator is used to securely authenticate users for login to digital health applications. Versions prior to 4.16.0 are susceptible to authentication flow hijacking. An...
CVE-2025-55272 HCL Aftermarket DPC is affected by Banner Disclosure vulnerability
HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks...
PT-2026-28147
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/get claim file.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...
CVE-2026-33473
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
Pixarra Liquid Studio 安全漏洞
Pixarra Liquid Studio is a digital art creation software developed by the American company Pixarra. It focuses on creating works in the “organic block-style” style, suitable for concept art, illustrations, textures, backgrounds, and the rendering of natural forms. Version 2.17 of Pixarra Liquid...
PT-2026-26897
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an...
CVE-2026-32318
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...
PT-2026-25602
Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...
CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...
CVE-2026-32424 WordPress Sprout Clients plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through = 3.2.2...
CVE-2026-0809
CVE-2026-0809 concerns Streamsoft Prestiż. The vulnerability arises from a weak, custom token encoding algorithm used by the software, which enables an attacker to guess the KSeF (Krajowy System e‑Faktur) token after analyzing how tokens with known values are encoded. The issue affects Streamsoft...
PT-2026-25088
Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.5.1 Description Ella Core is a 5G core designed for private networks. The software experiences a panic, leading to a denial of service, when processing a PathSwitchRequest containing UE Security Capabilities with...
EUVD-2026-11334
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...