102438 matches found
EUVD-2018-21948
WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow...
CVE-2026-32847
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...
web-application-security-testing-tool
web-application-security-testing-tool A Python-based Web Appli...
CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-35671
phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...
WinMTR 安全漏洞
WinMTR is an open-source network diagnostic tool developed by WinMTR. Version 0.91 of WinMTR contains a security vulnerability, which stems from a buffer overflow. This vulnerability could allow attackers to cause the application to crash by sending malicious load files containing repeated...
Malicious Package
Overview @t-in-one/getapplicationhid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @t-in-one/addapplication is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
NileBank-Vulnerable-App
NileBank - Web Pen Testing Project A realistic bank web appli...
CVE-2026-9831
The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...
Exploit for CVE-2026-22557
CVE-2026-22557 Vulnerability Assessment Tool Safely detect wh...
CVE-2026-30760
An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...
EUVD-2026-33378
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...
CVE-2026-9051 Authentication Bypass Vulnerability in NI SystemLink Enterprise
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send...