101 matches found
EulerOS 2.0 SP10 : elfutils (EulerOS-SA-2025-1505)
According to the versions of the elfutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelfgetsymshndx of th...
CVE-2025-20195
CVE-2025-20195 concerns Cisco IOS XE Software and describes a CSRF vulnerability in the web-based management interface. The issue arises from insufficient CSRF protections, enabling an unauthenticated, remote attacker to persuade an authenticated user to follow a crafted link, potentially executi...
CVE-2025-4184
Multiple connected sources confirm CVE-2025-4184 affects PCMan FTP Server 2.0.7, arising from the QUOTE Command Handler. The issue is a buffer overflow, with remote attack potential and publicly disclosed exploit details. Public fix status is not documented in the provided references; at least on...
CVE-2025-3340
A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/comboupdate.php. The manipulation of the argument ID leads to sql injection. The attack may be launche...
CVE-2025-3408 Nothings stb stb_dupreplace integer overflow
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stbdupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product...
📄 Sony XAV-AX5500 1.13 Code Execution
Sony XAV-AX5500 version 1.13 suffers from a firmware update validation vulnerability that allows for code execution. Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage:...
CVE-2025-2982
A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x. Affected is an unknown function. The manipulation of the argument redirect leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
Linux Distros Unpatched Vulnerability : CVE-2018-16646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attac...
CVE-2024-1034
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...
CVE-2024-9811
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
PT-2025-5717 · Cisco · Cisco Ios Xe +2
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software affected versions not specified Cisco IOS XE Software affected versions not specified Cisco IOS XR Software affected versions not specified Description: A vulnerability in the SNMP subsystem could allow an authenticated,...
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
The Computer Emergency Response Team of Ukraine CERT-UA has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of...
ROS-20240902-07
A vulnerability in the cpio binary archiver is related to regression when using the command line parameter --no-absolute-filenames. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
CVE-2024-6808 itsourcecode Simple Task List signUp.php insertUserRecord sql injection
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
Important: rsyslog
Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...
CVE-2023-27894 Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform
SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...
CVE-2022-4116
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...
CVE-2021-21154
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2020-35896
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack...
A week in security (November 23 – November 29)
Last week on Malwarebytes Labs, we talked with Chris Boyd about charities that track you online. We also looked back at Zoom, and wondered whether its any safer months after its first vulnerability was reported. We talked about how Apples security is hampering the detection of potentially unwante...