CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

CVE-2017-20229

MAWK 1.3.3-17 and earlier contain a stack-based buffer overflow due to inadequate boundary checks on user-supplied input. An attacker can craft input that overflows the stack and facilitates a return-oriented programming chain to spawn a shell with application privileges. The connected documents ...

(Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementatio...

CVE-2025-40193 xtensa: simdisk: add input size check in proc_write_simdisk

In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in procwritesimdisk A malicious user could pass an arbitrarily bad value to memdupusernul, potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 "netdevsim:...

CVE-2025-10612 XSS in GiSoft's City Guide

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in giSoft Information Technologies City Guide allows Reflected XSS.This issue affects City Guide: before 1.4.45...

EUVD-2018-17945

Malware in sbrugna...

Iron Mountain enVision 操作系统命令注入漏洞

Iron Mountain enVision is a document archiving and management software from Iron Mountain, Inc. An operating system command injection vulnerability exists in versions prior to Iron Mountain enVision 250563, which stems from improper neutralization of a special element that could lead to OS comman...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21111)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input on the /apprain/developer/addons/update/960grid endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...

Linux Distros Unpatched Vulnerability : CVE-2025-38406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARNON...

SUSE CVE-2025-38254

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add sanity checks for drmedidraw When EDID is retrieved via drmedidraw, it doesn't guarantee to return proper EDID bytes the caller wants: it may be either NULL that leads to an Oops or with too long bytes over t...

CVE-2025-38254 drm/amd/display: Add sanity checks for drm_edid_raw()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add sanity checks for drmedidraw When EDID is retrieved via drmedidraw, it doesn't guarantee to return proper EDID bytes the caller wants: it may be either NULL that leads to an Oops or with too long bytes over t...

CVE-2025-38254

The CVE-2025-38254 issue is in the Linux kernel (drm/amd/display) where drm_edid_raw() could return NULL or oversized EDID bytes, risking an Oops or memory corruption. The fix adds sanity checks for drm_edid_raw() and returns EDID_BAD_INPUT in those corner cases. It is related to EDID handling wh...

CVE-2025-2285

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...

WordPress plugin Hover Image Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-0763

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

AMD NPU driver 安全漏洞

AMD NPU driver is a driver for an NPU module from UltraMicroelectronics AMD. A security vulnerability exists in AMD NPU driver that stems from incorrect input validation. An attacker exploiting the vulnerability could provide specially crafted pointers that could lead to arbitrary code execution...

PT-2024-20210 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. The flaw exists within the handling of OCPP messages due to the lack of prope...

Path traversal

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

PT-2022-14777 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the thermal cooling device stats update function of thermal sysfs.c due to improper input validation. This could lead to local escalation of privilege in th...

TypeORM 0.3.7 Information Disclosure Vulnerability

I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...