301 matches found
CVE-2026-10666
parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...
CVE-2026-10663
In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...
CVE-2026-10657
The CVE-2026-10657 vulnerability affects Zephyr's DNS resolver when MDNS (CONFIG_MDNS_RESOLVER) is enabled. The code uses memcmp(strrchr(query, '.'), ".local", 7) to detect mDNS queries, reading a fixed 7 bytes from the suffix pointer. If the final label is shorter than 7 bytes (e.g., .org, .com,...
CVE-2026-10687
This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fix author, determined that the addressed defect does not apply to any released version of Zephyr: the affected code path exists only in unreleased development code, and no released branch is...
PT-2026-49108
CVE-2026-10676 - Rejected reason: This CVE Record has been rejected CVE ID :CVE-2026-10676 Published : June 12, 2026, 12:16 a.m. | 1 hour, 14 minutes ago Description :Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed...
CVE-2026-5072
A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...
WordPress Zephyr Project Manager plugin <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation vulnerability
Authenticated Subscriber+ Limited Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions = 3.3.101...
CVE-2025-12496
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-12496
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...
WordPress Zephyr Project Manager plugin <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery vulnerability
Authenticated Custom+ Arbitrary File Read And Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin Zephyr Project Manager versions = 3.3.203...
CVE-2025-12496 Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-12496
The CVE-2025-12496 entry concerns the Zephyr Project Manager WordPress plugin. It describes a Directory Traversal vulnerability across all versions up to 3.3.203 via the file parameter, enabling authenticated attackers with Custom-level access and above to read arbitrary server files (potentially...
EUVD-2025-203881
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-12496 Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...
WordPress plugin Zephyr Project Manager 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path...
EUVD-2020-2493
Malware in sbrugna...
EUVD-2020-2524
Malware in sbrugna...
EUVD-2020-2492
Malware in sbrugna...
EUVD-2017-5709
Malware in sbrugna...
EUVD-2020-2484
Malware in sbrugna...