ROS-20260615-73-0022

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260615-73-0023

The vulnerability of the xfrailserverlocalmovesize function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

PT-2026-49281

Name of the Vulnerable Software and Affected Versions OpenCPN version 5.12.0 Description A code injection issue exists in the wxExecute function, which allows attackers to execute arbitrary code by embedding shell metacharacters. Shell metacharacters are special characters interpreted by the...

ROS-20260615-73-0024

The vulnerability of the xfrailserverlocalmovesize function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

CVE-2026-12197

The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...

CVE-2026-12193 VS Revo RevoUninstaller IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

CVE-2026-12193 VS Revo RevoUninstaller IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

CVE-2026-12193

VS Revo RevoUninstaller 2.5.x/2.6.x contains a heap-based overflow in IOCtl_Handler of RevoDetector.sys (IOCTL Handler). The vulnerability enables a local attack and is supported by publicly available exploit material. Upgrading to version 2.7.0 fixes the issue. If you rely on affected builds, ap...

CVE-2026-12191

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

CVE-2026-12192 GALAYOU Y4 Web Server buffer overflow

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

CVE-2026-12192 GALAYOU Y4 Web Server buffer overflow

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

CVE-2026-12192

GALAYOU Y4 Web Server 1.0.0 is affected by a buffer overflow in an unspecified Web Server function. The flaw enables local-network exploitation with no authentication required and affects confidentiality, integrity, and availability. Public exploit details are indicated in the CVE context, and th...

CVE-2026-12191 Comma AI Openpilot Pickle modeld.py pickle.loads deserialization

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

CVE-2026-12191 Comma AI Openpilot Pickle modeld.py pickle.loads deserialization

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

CVE-2026-12191

CVE-2026-12191 affects Comma AI Openpilot 0.11. The issue is a deserialization vulnerability in the pickle.loads/pickle.load usage inside selfdrive/modeld/modeld.py (Pickle Module). Exploitation requires local access. The CVSS metrics indicate high impact (confidentiality, integrity, availability...

Exploit for CVE-2026-36826

CVE-2026-36826: SQL Injection in genesisQL = 1.1.1 Summar...

CVE-2026-12186

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...