
74 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in chromium

Before version 102.0.5005.61, a use-after-free in the App Service in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension...

CVSS 8.8 | AI score 7.3 | EPSS 0.00282
Exploits 0 | References 2
ATTACKERKB
added 2026/03/07 3:32 p.m. | 1 view

CVE-2026-3667

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...

CVSS 5.3 | AI score 5.4 | EPSS 0.00018
Exploits 0 | References 5 | Affected Software 1
CVE
added 2026/03/07 3:32 p.m. | 4 views

CVE-2026-3667

CVE-2026-3667 affects Freedom Factory dGEN1 (up to 20260221) with the vulnerability in the function FakeAppService of the component org.ethosmobile.ethoslauncher. The underlying issue is improper authorization, exploitable by a local attacker. Public exploits exist and the vendor was notified w...

CVSS 5.3 | AI score 5.7 | EPSS 0.00018
Exploits 0 | References 5
Cvelist
added 2026/03/07 3:32 p.m. | 28 views

CVE-2026-3667 Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...

CVSS 5.3 | EPSS 0.00018
Exploits 0 | References 5
Vulnrichment
added 2026/02/20 12:00 a.m. | 2 views

CVE-2026-26747

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.forceurl" is not set and default is "false". The application generates absolute URLs suc...

AI score 5.5 | EPSS 0.00081
Exploits 1 | References 2
Cvelist
added 2026/02/20 12:00 a.m. | 19 views

CVE-2026-26747

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.forceurl" is not set and default is "false". The application generates absolute URLs suc...

EPSS 0.00081
Exploits 1 | References 2
RedhatCVE
added 2025/12/19 8:18 p.m. | 2 views

CVE-2023-53941

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...

CVSS 9.8 | AI score 8.4 | EPSS 0.70779
Exploits 1 | References 1
OSV
added 2025/12/18 8:15 p.m. | 1 view

CVE-2023-53941

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...

CVSS 9.3 | AI score 6.1 | EPSS 0.70779
Exploits 1 | References 3
NVD
added 2025/12/18 8:15 p.m. | 1 view

CVE-2023-53941

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...

CVSS 9.8 | EPSS 0.70779
Exploits 1 | References 3
Cvelist
added 2025/12/18 7:53 p.m. | 20 views

CVE-2023-53941 EasyPHP Webserver 14.1 Remote Code Execution

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...

CVSS 9.8 | EPSS 0.70779
Exploits 1 | References 3
CVE
added 2025/12/18 7:53 p.m. | 6 views

CVE-2023-53941

CVE-2023-53941 describes an OS command injection in EasyPHP Webserver 14.1. An unauthenticated attacker can trigger remote code execution by crafting the app_service_control payload and sending a POST to /index.php?zone=settings, leading to commands executed with administrative privileges. The CV...

CVSS 9.8 | AI score 8 | EPSS 0.70779
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2025/12/11 12:56 p.m. | 5 views

CVE-2024-2104

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...

CVSS 8.8 | AI score 7 | EPSS 0.00059
Exploits 0 | References 1
EUVD
added 2025/12/10 12:56 p.m. | 3 views

EUVD-2024-27068

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...

CVSS 8.8 | AI score 6.6 | EPSS 0.00059
Exploits 0 | References 3
Positive Technologies
added 2025/12/10 12:00 a.m. | 4 views

PT-2025-50323

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...

CVSS 8.8 | AI score 7.1 | EPSS 0.00059
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-9929

Malware in sbrugna...

CVSS 10 | AI score 8.6 | EPSS 0.03273
Exploits 0 | References 3
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-25944

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 9 | EPSS 0.00502
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-25143

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9.2 | EPSS 0.00282
Exploits 0 | References 7
Cvelist
added 2025/08/27 9:22 p.m. | 6 views

CVE-2025-34162 Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams

An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input i...

CVSS 9.3 | EPSS 0.0071
Exploits 0 | References 4
RedhatCVE
added 2025/05/22 10:28 a.m. | 5 views

CVE-2019-1372

A remote code execution vulnerability exists when Azure App Service/Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the...

CVSS 10 | AI score 8.3 | EPSS 0.03273
Exploits 0 | References 1
Citrix
added 2023/08/03 12:00 a.m. | 7 views

How to convert PFX certificate without importing password to PEM certificate on ADC

This article provides instructions on how to convert a PFX certificate with importing password to a PEM certificate in our document using "Import PKCS12" on GUI. Refer to...

AI score 7.2
Exploits 0