CVE-2026-38062

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

CVE-2026-38063

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionradioonwithiaapn via the ia parameter...

CVE-2026-38060

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...

PT-2026-49533

Name of the Vulnerable Software and Affected Versions grpc versions 0.4.0 through 0.9.x Description Deserialization of untrusted data and allocation of resources without limits or throttling allow unauthenticated attackers to crash the BEAM node or achieve remote code execution on the server. The...

GeoVision LPC2011/LPC2211 DdnsSetting.cgi OS command injection vulnerability

Summary A OS command injection vulnerability exists in the DdnsSetting.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Confirmed...

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

Summary A stack overflow vulnerability exists in the WebCam Server Login functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Confirmed Vulnerable...

GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability

Summary A guessable session cookie vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. Confirmed...

Tool Calling in Spring AI 2.0: A Composable, Agentic Architecture

Tool calling — the ability for an AI model to invoke application-defined functions and act on the results — is the essential building block of agentic AI systems. A model that can discover information, take action, and loop until a goal is reached is an agent. Spring AI 2.0 rearchitects tool...

UBUNTU-CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function...

PT-2026-49527

Name of the Vulnerable Software and Affected Versions Socket versions prior to 2.041 Description An out-of-bounds heap read exists in the pack ip mreq source function. The issue occurs because the function validates the length of the source argument using the byte length of the preceding multiadd...

CVE-2025-55647

The CVE-2025-55647 entry concerns GPAC MP4Box v2.4. The vulnerability is an Out-of-Memory in mp4_mux_cenc_insert_pssh (filters/mux_isom.c) that allows a crafted MP4 file to cause a Denial of Service. Affected component is the mp4_mux_cenc_insert_pssh function; the root cause is memory exhaustion ...

📄 FreeType SHZ 2.14.3 Heap Buffer Overflow

This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...

PT-2026-49562

A Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

PT-2026-49573

Summary A crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relative...

ROS-20260615-73-0007

The vulnerability of the StreamEnsureCapacity function in the RDP client FreeRDP is caused by a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures...

ROS-20260615-73-0008

The vulnerability of the StreamEnsureCapacity function in the RDP client FreeRDP is caused by a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures...

CVE-2025-55642

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c...

CVE-2025-55652

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55641

A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...