EUVD-2026-16913

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2018-25224

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...

CVE-2016-20048

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

CVE-2016-20048

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

CVE-2016-20044

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

UBUNTU-CVE-2016-20041

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to...

CVE-2018-25224

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...

CVE-2016-20041

Yasr 0.6.9-5 contains a buffer overflow via the -p command-line parameter, enabling local attackers to crash the app or execute arbitrary code by sending a crafted payload (junk data, shellcode, return address) to overwrite the stack. Impact is local code execution with high confidentiality/integ...

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-33697

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS aTLS in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...

CVE-2026-4909

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVE-2026-4910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. It is possible to launch the attack...

EUVD-2026-16895

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smfgxccacb/smfgyccacb/smfs6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitabilit...

SUSE CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

SUSE CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

Linux Distros Unpatched Vulnerability : CVE-2026-27858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force...

Linux Distros Unpatched Vulnerability : CVE-2026-27857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sending NOOP ... command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can ...

Linux Distros Unpatched Vulnerability : CVE-2026-27856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured...

GHSA-XQ8G-HGH6-87HV OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing

Summary BlueBubbles Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Password Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

CVE-2026-4991

CVE-2026-4991 affects QDOCS Smart School Management System (up to 7.2). The vulnerability resides in the Admission Enquiry Module’s /admin/enquiry, where manipulating the Note argument triggers cross-site scripting. This can be exploited remotely. The provided sources do not specify affected vend...