434 matches found
CVE-2026-5503
In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...
EUVD-2026-19564
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...
Zscaler Client Connector hard-coded proxy configuration domain
RISK EVALUATION ZScaler Client Connector 4.7 and 4.8 on Microsoft Windows hard codes a domain used to retrieve proxy configuration information. An attacker with control of this domain could provide arbitrary proxy configurations and intercept, redirect or disrupt traffic. 2. RECOMMENDED...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to write bytes under the attacker's control outside of the expected verification path before the final protected replacement step is...
SUSE CVE-2026-32694
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Summary The install/checkConfiguration.php endpoint performs full application initialization — database setup, admin account creation, and configuration file write — from unauthenticated POST input. The only guard is checking whether videos/configuration.php already exists. On uninitialized...
CVE-2026-22548
CVE-2026-22548 affects BIG-IP Advanced WAF/ASM when a security policy is configured on a virtual server. Undisclosed requests can cause the bd process to terminate, resulting in a DoS on the BIG-IP system. The issue is addressed in BIG-IP version 17.1.3 for the 17.x branch (previous 17.1.0–17.1.2...
AZL-74547 CVE-2026-0861 affecting package glibc for versions less than 2.38-18
Passing too large an alignment to the memalign suite of functions memalign, posixmemalign, alignedalloc in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size a...
CVE-2024-34490
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...
Malicious code in @asyncapi/java-spring-cloud-stream-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7ee33a69d9005442fb0347dfb87c303e2acd8cd146d8a85d0cecdc90f94bc3 The package @asyncapi/java-spring-cloud-stream-template was found to contain malicious code. Source: ghsa-malware...
CMSimple_XH Cross-Site Scripting Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...
SAP S/4HANA 输入验证错误漏洞
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An input validation error vulnerability exists in SAP S/4HANA, which originates from an attacker being able to craft a malicious link that could result in the victim being...
Malicious code in react-notifications-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fbe66f8e85ad0ad7c2682e9640e0f2a48344bcef9beeaa8de12e5e687744acf The package react-notifications-alert was found to contain malicious code. Source: ghsa-malware...
Exploit for Authorization Bypass Through User-Controlled Key in Themewinter Eventin
CVE-2025-4796 Eventin = 4.0.34 - Authenticated Contributo...
EUVD-2025-34650
When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...
CVE-2025-58153
CVE-2025-58153 describes a vulnerability in BIG-IP High-Speed Bridge (HSB) devices where, under undisclosed traffic conditions and conditions outside attacker control, the HSB may lock up. The issue affects BIG-IP platforms with an embedded ePVA chip (data plane issue; no control plane exposure)....
CVE-2025-48008 BIG-IP MPTCP vulnerability
When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...
EUVD-2019-9741
Malware in sbrugna...
EUVD-2021-14206
Malware in sbrugna...
EUVD-2020-6481
Malware in sbrugna...