793 matches found
D-Link M60 授权问题漏洞
The D-Link M60 is a wireless routing device from China-based D-Link. An authorization issue vulnerability exists in D-Link M60 version 1.20B02 and prior versions, which stems from a weak password recovery issue in the file /usr/bin/httpd, and can be exploited by an attacker to cause...
JLSEC-2026-129
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...
CVE-2026-34862
Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A stack overflow vulnerability exists in the Huawei HarmonyOS media platform, which can be exploited by an attacker to cause availability to be compromised...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An access control vulnerability exists in the Huawei HarmonyOS memoization module, which can be exploited by an attacker to cause confidentiality and...
ROS-20260403-73-0003
A vulnerability in the ksmbdsessionrpcopen function in the fs/smb/server/mgmt/usersession.c module of the Linux kernel SMB server support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availabili...
EUVD-2026-18176
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability...
CVE-2026-33615 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability...
CVE-2026-32012
...
CVE-2026-28449
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...
ROS-20260319-73-0012
A vulnerability in the tagkey validation mechanism of the Fluent Bit log collection and processing tool is related to insufficient input data validation. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity and availability of protected information...
ROS-20260317-73-0025
A vulnerability in the cryptmessage function in the fs/smb/client/smb2ops.c module of the SMB client support module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability...
CVE-2023-31324
A Time-of-check time-of-use TOCTOU race condition in the AMD Secure Processor ASP could allow an attacker to modify External Global Memory Interconnect Trusted Agent XGMI TA commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability...
CVE-2023-31324
A Time-of-check time-of-use TOCTOU race condition in the AMD Secure Processor ASP could allow an attacker to modify External Global Memory Interconnect Trusted Agent XGMI TA commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability...
CVE-2024-36320
Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability...
CVE-2024-36311
A Time-of-check time-of-use TOCTOU race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability...
CVE-2024-36311
CVE-2024-36311 describes a TOCTOU race in the SMM communications buffer that could allow a privileged attacker to bypass input validation and perform an out-of-bounds read or write, potentially impacting confidentiality, integrity, and availability. The Red Hat, NVD, CVE lists and vendor advisori...
MUZZLE: Adaptive Agentic Red-Teaming of Web Agents against Indirect Prompt Injection Attacks
Large language model LLM based web agents are increasingly deployed to automate complex online tasks by directly interacting with web sites and performing actions on users' behalf. While these agents offer powerful capabilities, their design exposes them to indirect prompt injection attacks...
EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2026-1161)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an...
ROS-20260128-73-0008
A vulnerability in the ieee802154hdrpeekaddrs function of the Linux kernel is related to buffer copying without checking the size of input data. Exploitation of the vulnerability may allow a remote attacker to affect confidentiality, integrity and availability of protected information...