
150 matches found

EUVD
added 2026/05/26 4:30 p.m., 6 views

EUVD-2026-31863

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 2

NVD
added 2026/02/16 9:16 a.m., 4 views

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

6.5 CVSS, 0.01511 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/01/09 12:0 a.m., 1 views

PT-2026-2167

Name of the Vulnerable Software and Affected Versions: GestSup versions up to and including 3.2.56. Description: The application does not verify the authenticity of client requests, leading to a cross-site request forgery condition. An attacker can potentially trick a logged-in user into submitting...

8.9 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits: 0, References: 5

GithubExploit
added 2026/01/01 2:14 p.m., 189 views

Exploit for CVE-2025-0288

CVE-2025-0287 This repository contains a screenshot of the vu...

7.8 CVSS, 7 AI score, 0.00101 EPSS
Exploits: 1

EUVD
added 2025/12/06 12:31 p.m., 2 views

EUVD-2025-201545

A vulnerability was determined in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RE2000v2RepeatergetwirelessclientlistsetClientsName of the file mod_form.so. Executing manipulation of the...

9 CVSS, 8.9 AI score, 0.00371 EPSS
Exploits: 1, References: 7

Vulnrichment
added 2025/12/06 10:32 a.m., 1 views

CVE-2025-14133 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so AP_get_wireless_clientlist_setClientsName stack-based overflow

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function AP_get_wireless_clientlist_setClientsName of the file mod_form.so. Performing manipulation of the argument...

9 CVSS, 6.8 AI score, 0.00371 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2025/12/02 12:0 a.m., 2 views

PT-2025-48672

Name of the Vulnerable Software and Affected Versions: Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. Description: A stack-based buffer overflow exists in the software due to insufficient bounds checking when handling user-supplied input. The ShowDownload function utilizes sprintf to format a string,...

9.8 CVSS, 6.9 AI score, 0.00057 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/11/07 12:0 a.m., 1 views

PT-2025-45473

Name of the Vulnerable Software and Affected Versions: AstrBot Project version 3.5.22. Description: The software contains an arbitrary file read issue in the encode image bs64 function. This function, defined in entities.py, opens an image specified by a user-controlled request body and returns its...

6.5 CVSS, 6.6 AI score, 0.00086 EPSS
Exploits: 1, References: 11

GithubExploit
added 2025/10/09 8:44 p.m., 115 views

cryptidy-analysis

PoC for cryptidy pickle deserialization RCE 🚨 CVE PoC — Unsaf...

8.6 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-17687

Malware in sbrugna...

9.8 CVSS, 9.2 AI score, 0.0265 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-28280

Malicious code in bioql PyPI...

6.9 CVSS, 5.6 AI score, 0.00428 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-43218

Malicious code in bioql PyPI...

5.5 CVSS, 5.7 AI score, 0.0021 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-25717

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.00836 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/09/23 4:32 a.m., 3 views

CVE-2025-10838 Tenda AC21 WifiExtraSet sub_45BB10 buffer overflow

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapskcrypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and...

9 CVSS, 7 AI score, 0.00354 EPSS
Exploits: 1, References: 6

CVE
added 2025/09/12 8:2 p.m., 12 views

CVE-2025-10325

CVE-2025-10325 affects Wavlink WL-WN578W2 (firmware 221110). The vulnerability centers on the sub_401340/sub_401BA4 function in /cgi-bin/login.cgi, where improper handling of the ipaddr parameter enables remote command injection. Public PoC/exploits exist, and multiple feeds confirm remote execut...

8.8 CVSS, 6.6 AI score, 0.00936 EPSS
Exploits: 1, References: 5, Affected Software: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-56732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function...

9.3 CVSS, 5.9 AI score, 0.00343 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/08/13 12:0 a.m., 1 views

Netis WF2880 security vulnerability

The Netis WF2880 is a wireless router from the Chinese company Netis. A buffer overflow vulnerability exists in the Netis WF2880 FUN0046ed68 function, which can be exploited by an attacker to cause a denial of service...

7.5 CVSS, 7 AI score, 0.00141 EPSS
Exploits: 1, References: 2

Cvelist
added 2025/08/11 11:2 a.m., 7 views

CVE-2025-8843 NASM Netwide Assembler outmacho.c macho_no_dead_strip heap-based overflow

A vulnerability was found in NASM Netwide Assembler 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...

5.3 CVSS, 0.00064 EPSS
Exploits: 1, References: 6

OSV
added 2025/06/09 9:30 p.m., 1 views

GHSA-V6H2-P8H4-QCJW brace-expansion Regular Expression Denial of Service vulnerability

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

3.1 CVSS, 4.7 AI score, 0.00092 EPSS
Exploits: 0, References: 11

QT
added 2025/06/06 12:0 a.m., 4 views

Security advisory: Recently discovered issue in qDecodeDataUrl() in QtCore impacts Qt

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. This has been assigned the CVE id CVE-2025-5455. Affected versions: All versions of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8,...

8.4 CVSS, 6.8 AI score, 0.00385 EPSS
Exploits: 0