13 matches found
EUVD-2026-13172
In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...
CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...
wolfSSL (CyaSSL) Security Vulnerability
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. Versions of wolfSSL CyaSSL prior to version 5.8.4 contained security vulnerabilities. These vulnerabilities stemmed from logical...
CVE-2025-68035
Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data. This issue affects Tabby Checkout: from n/a through <= 5.8.4...
WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin Tabby Checkout versions <= 5.8.4...
CVE-2021-47692
CVE-2021-47692 is a duplicate of CVE-2021-33179 and is rejected as a separate entry. The connected Red Hat and NVD records describe Nagios XI general UI versions prior to 5.8.4 as vulnerable to authenticated reflected cross-site scripting (XSS). An authenticated user who visits a crafted URL coul...
CVE-2024-56804
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later...
CVE-2024-56804
Video Station is affected by an SQL injection vulnerability (CVE-2024-56804). The issue requires an attacker who has already gained a user account to trigger SQL injection and execute unauthorized code or commands on the system. The vulnerability exists in versions prior to 5.8.4 and has been fix...
CVE-2024-56804 Video Station
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later...
PT-2025-40543
Name of the Vulnerable Software and Affected Versions: Video Station versions prior to 5.8.4. Description: An SQL injection issue exists in Video Station. A remote attacker who has obtained a user account can potentially execute unauthorized code or commands. Recommendations: Update to Video Station...
Rapid SCADA Security Vulnerability
Rapid SCADA is a full-featured SCADA software from Rapid SCADA Open Source. A security vulnerability exists in Rapid SCADA version 5.8.4, which originates in the file ScadaServerEngine/MainLogic.cs where CheckUser allows the use of empty passwords...
Rapid Software Rapid SCADA Input Validation Error Vulnerability
Rapid Software Rapid SCADA is an open source industrial automation platform from Rapid Software. An input validation error vulnerability exists in Rapid Software Rapid SCADA version 5.8.4 and prior versions, which originates from a vulnerability that allows an attacker to redirect a user to a...
ZOOM Client Buffer Error Vulnerability
ZOOM Client is a video conferencing client application from ZOOM USA that supports multiple platforms. A security vulnerability exists in Zoom Client for Meetings, which stems from the discovery of a vulnerability in Zoom Meeting Client for Android, iOS, Linux, macOS, and Windows prior to version...