178 matches found
Exploit for Argument Injection in Gnu Inetutils
CVE-2026–24061 : GNU InetUtils telnetd Authentication Bypass...
CVE-2026-35353
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...
EUVD-2026-25015
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from the lack of explicit permission restrictions when nohup is used to create the default output file. This vulnerability could allow any user in...
Adobe Framemaker Type Obfuscation Vulnerability
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A type confusion vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause arbitrar...
Adobe Framemaker Heap Buffer Overflow Vulnerability (CNVD-2026-19998)
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from a heap buffer overflow vulnerability that could be exploited by an attacker to cause...
Adobe Photoshop Installer 安全漏洞
Adobe Photoshop Installer is a installation program for the image editing software Adobe Photoshop. The Adobe Photoshop Installer has a security vulnerability, which stems from uncontrolled search path elements, potentially allowing arbitrary code to be executed in the current user environment...
Adobe Framemaker Numeric Error Vulnerability (CNVD-2026-19995)
Adobe Framemaker is a professional desktop publishing software for creating and editing large technical documents. A numeric error vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Adobe Framemaker 安全漏洞
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from a heap buffer overflow vulnerability that could be exploited by an attacker to cause...
Adobe Framemaker 代码问题漏洞
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An untrusted search path vulnerability exists in Adobe Framemaker, which could be exploited by an attacker to caus...
Adobe Framemaker 数字错误漏洞
Adobe Framemaker is a professional desktop publishing software for creating and editing large technical documents. A numeric error vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Adobe Photoshop Desktop 缓冲区错误漏洞
Adobe Photoshop Desktop is a photo manipulation software from the American company Audobee Adobe. Adobe Photoshop Desktop suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause code execution in the current user's environment...
PT-2026-29091
Nginx-UI and Affected Versions Nginx-UI versions 2.3.3 and prior Description Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a us...
WatchGuard Fireware OS 安全漏洞
WatchGuard Fireware OS is a software operated by the American company WatchGuard, running on Firebox devices. Versions 12.1 to 12.11.8 and 2025.1 to 2026.1.2 of WatchGuard Fireware OS contain security vulnerabilities due to insecure deserialization, which may allow arbitrary code to be executed i...
Exploit for Argument Injection in Gnu Inetutils
CVE-2026-24061 - telnetd auth bypass o co chodzi argument...
SAP GUI for Windows 代码问题漏洞
SAP GUI for Windows is an interface graphical software for Windows developed by the German company SAP. SAP GUI for Windows has a code vulnerability that stems from allowing DLL files to be loaded from any directory within the application. This vulnerability may allow malicious commands to be...
CVE-2026-28216 hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...
Adobe Substance3D Designer Buffer Overflow Vulnerability (CNVD-2026-14504)
Adobe Substance3D Designer is a texture and material creation software from the American company Audobee Adobe. A buffer overflow vulnerability exists in Adobe Substance3D Designer, which can be exploited by an attacker to execute arbitrary code in the current user environment...
OpenClaw 访问控制错误漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause session content disclosure in a multi-user environment...