16916 matches found
CVE-2026-25228 SignalK Server has Path Traversal leading to information disclosure
Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...
EUVD-2020-30881
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
EUVD-2025-206470
An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-24808 A possible integer overflow vulnerability in RawTherapee/RawTherapee
Integer Overflow or Wraparound vulnerability in RawTherapee rtengine modules. This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11...
PT-2026-4854
Name of the Vulnerable Software and Affected Versions ASDA-Soft affected versions not specified Description ASDA-Soft contains a stack-based buffer overflow issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Google Chrome < 144.0.7559.109 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 144.0.7559.109. It is, therefore, affected by a vulnerability as referenced in the 202601stable-channel-update-for-desktop27 advisory. - Inappropriate implementation in Background Fetch API in Google Chrome prior to...
CVE-2020-36953 MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and...
GHSA-R6Q2-HW4H-H46W vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, lerna, prism, opensearch-dashboards, py3-jupyterlab, kubeflow-pipelines, pnpm-stage0, pulumi, renovate, saf, sqlpad, code-server, tileserver-gl, kubeflow-katib, node-gyp, vitess, tensorflow-cpu-jupyter...
CVE-2025-68857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through = 3.15...
PT-2026-3927
Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows Exploitation of Trusted Identifiers.This issue affects Teknoera: through 01102025...
PT-2026-3524
Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.6.4 Description A security flaw exists in CRMEB that allows improper authentication. This is due to manipulation of the openId argument within the appleLogin function located in the file...
Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2025-52863)
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...
CVE-2026-23644
esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...
PT-2026-3222
Name of the Vulnerable Software and Affected Versions Delta Electronics DIAView affected versions not specified Description DIAView software contains a command injection issue. The software is susceptible to command injection, potentially allowing an attacker to execute arbitrary commands...
Laravel Valet security vulnerabilities
Laravel Valet is an open-source PHP development framework available on https://laravel.com/. There are security vulnerabilities in the version of Laravel Valet from 1.1.4 to 2.0.3. These vulnerabilities stem from allowing users to modify the valet command with root privileges, which could lead to...
CVE-2025-13454
A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information...
Adobe Substance3D Stager 资源管理错误漏洞
Adobe Substance3D Stager is a set and rendering software for 3D scenes from Audobee Adobe USA. A resource management error vulnerability exists in Adobe Substance3D Stager 3.1.5 and prior versions, which stems from reuse after release and could lead to the execution of arbitrary code...
Adobe InDesign Desktop 缓冲区错误漏洞
Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. A buffer overflow vulnerability exists in Adobe InDesign, which is caused by an access to an uninitialized pointer error, and can be exploited by an attacker to...
CVE-2023-45499
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...
CVE-2023-40297
Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component...