402 matches found
PT-2026-44118
Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software uses the user-controlled task name value directly when constructing session log...
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...
EUVD-2026-31977
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...
CVE-2026-44844
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...
WordPress Woo Commerce Minimum Weight plugin <= 3.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Woo Commerce Minimum Weight versions = 3.0.1...
EUVD-2026-29111
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...
CVE-2026-36906
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...
IoTGateway 跨站脚本漏洞
IoTGateway is a cross-platform industrial IoT gateway developed by Sam’s individual developer. It supports device connectivity and bidirectional data communication. Version 3.0.1 of IoTGateway contains a cross-site scripting vulnerability. This vulnerability stems from the logging function, which...
CVE-2026-36906
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...
CVE-2026-36906
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...
PT-2026-39645
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...
CVE-2025-63547
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field...
PT-2026-36524
Name of the Vulnerable Software and Affected Versions Eprosima Micro-XREC-DDS Agent version 3.0.1 Description A remote attacker can cause a denial of service by sending a crafted packet to the MTU length field. Recommendations At the moment, there is no information about a newer version that...
Micro XRCE-DDS Agent 安全漏洞
Micro XRCE-DDS Agent is an eProsima open source proxy bridging tool for resource constrained devices to communicate with the DDS world. A security vulnerability exists in Micro XRCE-DDS Agent version 3.0.1, which stems from the MTU length field in specially crafted packets and could lead to a...
Exploit for Path Traversal in Apktool
CVE-2026-39973-PoC This is a small C apk file builder for CV...
CVE-2026-7145
CVE-2026-7145 affects mettle SendPortal up to version 3.0.1. The vulnerability is in the destroy function of app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php (Invitation Handler), where manipulating the invitation argument leads to authorization bypass. The advisory states the a...
CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...
CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...
CVE-2026-39973
Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a...