CVE-2026-50206
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
CVE-2026-44549
CVE-2026-44549 details (Open WebUI) : Open WebUI before 0.8.0 previews Excel attachments unsafely. The XLSX payload can trigger sheet_to_html to embed an XSS payload, which is then inserted into the DOM via @html without sanitization, enabling stored XSS. The issue is resolved in version 0.8.0. R...
Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...
CVE-2026-4217
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
Google Go Code Execution Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...
CVE-2025-66522
A stored cross-site scripting XSS vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud pdfonline.foxit.com. The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result,...
Remote Code Execution (RCE)
Apache Syncope is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe handling of custom Groovy implementations, where a malicious administrator can inject Groovy code that is executed by the Syncope Core at runtime, enabling remote code execution until sandboxing is...
EUVD-2025-201710
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting XSS. On the backend, the relatedvulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
Cross-site Scripting
pyloadng is vulnerable to Cross-site Scripting. The vulnerability is due to unsafe handling of untrusted parameters in the Captcha and CNL endpoints, allowing attackers to inject malicious content or manipulate request processing, leading to Cross-site Scripting or other unintended behaviors...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...
CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening the partition with th...
EUVD-2021-2025
Malware in sbrugna...
EUVD-2018-9986
Malware in sbrugna...
CVE-2025-7403 Bluetooth: bt_conn_tx_processor unsafe handling
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption...
CVE-2025-34060
A PHP object injection vulnerability exists in the Monero Project's Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents without validation. MIME type checks using...
The vulnerability of the row_insert_cast component in the virtuoso-opensource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the row_insert_cast component in the virtuoso-opensource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially crafted...
CVE-2024-29979 Unsafe Handling of Phoenix UEFI Variables
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™...
The vulnerability of the logback-core module in the QOS monitoring system allows a perpetrator to execute arbitrary code.
The vulnerability of the logback-core module in the QOS monitoring system is related to the failure to take measures to neutralize special elements used in the expression language operator. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by using the...
The vulnerability of the sub47A60C function in the upgrade_filter.asp file of the D-Link DI-8100G network device allows a hacker to execute arbitrary commands.
The vulnerability of the sub47A60C function in the upgrade_filter.asp file of the D-Link DI-8100G network device is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrar...
The vulnerability of the CLI interface of ArubaOS operating systems allows a perpetrator to execute arbitrary commands.
The vulnerability of the CLI interface of ArubaOS operating systems is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...