CVE-2026-4531 Free5GC AMF handler.go HandleRegistrationComplete denial of service

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called...

EUVD-2026-14264

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called...

CVE-2026-4531

Free5GC 4.1.0 contains a vulnerability in the AMF component: HandleRegistrationComplete in internal/gmm/handler.go can be manipulated to cause a Denial of Service, potentially exploitable remotely. The patch referenced is 52e9386401ce56ea773c5aa587d4cdf7d53da799, and applying the official patch i...

DEBIAN-CVE-2019-25586

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

EUVD-2026-14262

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

SUSE CVE-2026-4464

Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-32595

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...

CVE-2019-25588

BulletProof FTP Server 2019.0.0.50 contains a local-denial of service vulnerability in the DNS Address field. By enabling DNS Address in the Firewall settings and pasting a ~700-byte buffer, an attacker can crash the application when Test is invoked. Affects BulletProof FTP Server 2019.0.0.50; ro...

PyTorch 代码问题漏洞

PyTorch is an open-source Python package developed by PyTorch. Version 2.10.0 of PyTorch contains code vulnerabilities; these vulnerabilities stem from unknown features in the pt2 loading processing component, which may lead to deserialization attacks...

CVE-2026-4530

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

CVE-2026-4530

A vulnerability in the apconw Aix-DB up to version 1.2.3 affects the file agent/text2sql/rag/terminology_retriever.py. The issue arises from manipulating the Description argument, which leads to SQL injection. The vulnerability is exploitable via a local attack, and public proof-of-concept exploi...

CVE-2019-25578

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

CVE-2019-25573 Green CMS 2.x SQL Injection via cat Parameter

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

CVE-2019-25558

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Autonomous Cyber Red Team MCP Server Autonomous cyber red tea...

CVE-2026-2468

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...

Duplicate Advisory: OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqx8-9xxw-f2m7. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized...

EUVD-2026-13964

OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...

EUVD-2026-13935

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...