
22 matches found

Cvelist
added 2026/04/16 12:0 a.m. · 22 views

CVE-2026-37100

An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 Mobile App: Sound Bar Remote / version: 2.40 allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol...

0.00024 EPSS
Exploits 0 · References 1
CNNVD
added 2026/04/16 12:0 a.m. · 5 views

Yamaha SR-B30A Security Vulnerability

The Yamaha SR-B30A is a bar-style audio device produced by the Japanese company Yamaha. Version 2.40 of the Yamaha SR-B30A contains a security vulnerability. This vulnerability stems from the Bluetooth low-power control interface, which allows unauthorized connections without authentication. This...

6.5 CVSS · 5.8 AI score · 0.00024 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/04/07 12:0 a.m. · 2 views

PT-2026-30816

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2 Description: Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...

8.5 CVSS · 5.6 AI score · 0.00035 EPSS
Exploits 0 · References 8
Github Security Blog
added 2026/02/19 3:17 p.m. · 9 views

Unauthorized npm publish of [email protected] with modified postinstall script

Description: On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

5.6 AI score
Exploits 0 · References 2 · Affected Software 1
OSV
added 2026/01/15 5:16 p.m. · 2 views

CVE-2025-70310

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file...

5.5 CVSS · 5.5 AI score
Exploits 0 · References 1
CVE
added 2025/12/18 7:21 a.m. · 6 views

CVE-2025-58899

CVE-2025-58899 affects WordPress Frame/AncoraThemes Frame frame versions up to and including 2.4.0. The vulnerability is a PHP Local File Inclusion caused by improper control of the filename for include/require statements. As described in the sources, this can lead to local file inclusion within ...

8.1 CVSS · 6.7 AI score · 0.0011 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/12/11 9:39 p.m. · 1 views

CVE-2025-66419 MaxKB vulnerable to privilege escalation through sandbox bypass

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0...

8.8 CVSS · 6.7 AI score · 0.00047 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/06/20 3:4 p.m. · 4 views

CVE-2025-49975 WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0...

4.3 CVSS · 4.6 AI score · 0.00084 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 1:14 a.m. · 5 views

CVE-2022-41964

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll...

5.7 CVSS · 6.7 AI score · 0.00287 EPSS
Exploits 0 · References 1
CNNVD
added 2022/10/25 12:0 a.m. · 2 views

Microsoft Azure Operating System Command Injection Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. An operating system command injection vulnerability exists in Microsoft Azure CLI versions prior to 2.40.0, which originates from a host running Azure CLI commands where the parameter...

9.8 CVSS · 8.5 AI score · 0.01381 EPSS
Exploits 1 · References 5
OSV
added 2022/05/05 5:15 p.m. · 2 views

DEBIAN-CVE-2021-38425

eProsima Fast DDS versions prior to 2.4.0 2269 are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure...

9.1 CVSS · 8.3 AI score · 0.00087 EPSS
Exploits 0 · References 1
vulnersOsv
added 2021/05/21 2:23 p.m. · 3 views

complaintclassify (=0.0.9) potentially affected by CVE-2021-29542 via tensorflow-cpu (=2.4.0)

tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29542 Source advisory: OSV:GHSA-4HRH-9VMP-2JGG...

5.5 CVSS · 6 AI score · 0.0001 EPSS
Exploits 1
CNVD
added 2021/04/15 12:0 a.m. · 6 views

OpenJPEG integer overflow vulnerability (CNVD-2021-30596)

OpenJPEG is an open source JPEG 2000 codec written in the C language. An integer overflow vulnerability exists in OpenJPEG version v2.4.0. An attacker can exploit the vulnerability by using the command line option "-ImgDir" on a directory containing 1048576 files to crash the program...

5.5 CVSS · 6.8 AI score · 0.00093 EPSS
Exploits 1 · References 1
PyPA
added 2020/10/21 9:15 p.m. · 6 views

PYSEC-2020-295

In TensorFlow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...

7.5 CVSS · 6.8 AI score · 0.00239 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2020/10/15 12:0 a.m. · 1 views

PT-2020-4581 · Adobe · Magento Commerce

Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.3.4 and earlier Magento Commerce version 2.4.0 Description: The issue exists due to insufficient input validation, potentially allowing a remote attacker to access confidential information. In maintenance mode, an...

5 CVSS · 4.3 AI score · 0.00295 EPSS
Exploits 0 · References 10
CNVD
added 2018/12/29 12:0 a.m. · 1 views

Chat Anywhere extension for Chrome cross-site scripting vulnerability

Chat Anywhere extension for Chrome is an online chat plugin for use in Google Chrome. A cross-site scripting vulnerability exists in the Chat Anywhere extension for Chrome version 2.4.0, which stems from the danmuWrapper DIV element in the chatbox-only\danmu.js file being out of the scope of the...

6.1 CVSS · 6 AI score · 0.0024 EPSS
Exploits 1 · References 1
OSV
added 2018/07/24 1:29 p.m. · 1 views

CVE-2018-10608

SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required...

7.5 CVSS · 5.8 AI score · 0.05467 EPSS
Exploits 2 · References 2
CNVD
added 2018/02/24 12:0 a.m. · 1 views

Wireshark FCP Protocol Parser Denial of Service Vulnerability

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. The FCP protocol dissector is one of the FCP mesh channel protocol parsers. A securi...

7.5 CVSS · 6.7 AI score · 0.02023 EPSS
Exploits 0 · References 1
OSV
added 2017/10/05 1:29 a.m. · 1 views

CVE-2017-13993

An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path...

7.8 CVSS · 6.1 AI score
Exploits 0 · References 2
CNVD
added 2017/09/13 12:0 a.m. · 1 views

XnView Classic for Windows Arbitrary Code Execution Vulnerability (CNVD-2017-32592)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A security vulnerability exists in version 2.40 of XnView Classic for Windows...

7.8 CVSS · 7.9 AI score · 0.00081 EPSS
Exploits 0 · References 1