14 matches found
EUVD-2026-23786
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
03-gs-ee-6 (=0.3.5), @albgen/capacitor-escpos-plugin (>=0.0.4 <=1.0.1) +2917 more potentially affected by CVE-2026-33750 via brace-expansion (>=4.0.0 <=5.0.2)
brace-expansion NPM version =4.0.0, =0.0.4, =1.1.7, =1.1.8 - @angranit/fantom-virma =0.1.0 - @angranit/first-step-to-get-tea =0.1.0 - @angranit/hapeipons =1.1.2 - @angranit/nearly-vm =0.1.0 - @angranit/newme-project =0.1.0 - @angranit/npmjs-for-tea-project =0.1.0 - @angranit/phantompirs =0.1.0 -...
Advanced BLE Scanner with RPA Resolution for Flipper Zero
This project implements a high-performance Bluetooth Low Energy BLE scanner on Flipper Zero, supporting all BLE versions from 4.0 to 5.3. It can discover nearby devices, track specific devices by MAC address, and resolve privacy-randomized Resolvable Private Addresses RPA using Identity Resolving...
CVE-2026-26278
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
CVE-2026-25498
Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...
[20260101] - Core - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-61733
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
Zyxel USG FLEX 安全漏洞
Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in the Zyxel USG FLEX Series 4.50 to 5.35 firmware versions, USG FLEX 50W 4.30 to...
PT-2023-19076 · Pi-Hole · Pi-Hole
Name of the Vulnerable Software and Affected Versions: Pi-hole versions 4.0 through 5.18.2 Description: The issue concerns the improper use of the admin WEBPASSWORD hash as a "Remember me for 7 days" cookie value in Pi-hole's Web interface. This allows an attacker to "pass the hash" and login or...
PT-2022-10643 · Siemens · Ruggedcom Rs8000 +50
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM i800 RUGGEDCOM i800NC RUGGEDCOM i801 RUGGEDCOM i801NC RUGGEDCOM i802 RUGGEDCOM i802NC RUGGEDCOM i803 RUGGEDCOM i803NC RUGGEDCOM M2100 RUGGEDCOM M2100F RUGGEDCOM M2100NC RUGGEDCOM M2200 RUGGEDCOM M2200F RUGGEDCOM M2200NC RUGGEDCOM M9...
PT-2021-7762 · Rockwell Automation · Isagraf Runtime
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue concerns the encryption of passwords used to execute privileged commands in the ISaGRAF Runtime. Specifically, a fixed key value is used with the tiny...
Linux kernel information disclosure vulnerability (CNVD-2020-03543)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the flowdissector function in Linux kernel versions 4.3 through 5.x fixed in version 5.3.10. The vulnerability stems...
CVE-2016-2999
IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack...
PT-2012-2039 · Whmcs · Whmcs
Name of the Vulnerable Software and Affected Versions: WHMCS versions 4.0.x through 5.0.x Description: The issue is related to improper handling of characters in the subject field of a crafted ticket, which can trigger arbitrary code execution in the Smarty templating system. This allows remote...