CVE-2026-22858

CVE-2026-22858 affects FreeRDP prior to 3.20.1, where a global-buffer-overflow can occur in the Base64 decoding path due to implementation‑defined char signedness causing out‑of‑bounds access. The vulnerability is fixed in 3.20.1; multiple advisories (SUSE/SLES/OpenSUSE/Fedora) reference updating...

MiracleLinux 3 : icu-3.6-5.11.4 (AXSA:2009-73:02)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-73:02 advisory. The International Components for Unicode ICU libraries provide robust and full-featured Unicode services on a wide variety of platforms. ICU supports the most...

CVE-2023-54328

AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism...

CVE-2026-22027

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVE-2023-54337 Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)

Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality...

CVE-2023-54337 Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)

Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality...

MiracleLinux 7 : binutils-2.27-44.0.1.base.el7.1.AXS7 (AXSA:2025-9812:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9812:01 advisory. - CVE-2025-0840: fix stack-buffer-overflow at objdump disassemblebytes CVEs: CVE-2025-0840 A vulnerability, which was classified as problematic, was found in...

MiracleLinux 7 : php-5.4.16-48.0.7.el7.AXS7 (AXSA:2025-10750:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10750:06 advisory. CVE-2025-1220: error if host contains null bytes in the middle of the string CVEs: CVE-2025-1220 In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3...

PT-2026-2418

Name of the Vulnerable Software and Affected Versions AimOne Video Converter version 2.04 Build 103 Description AimOne Video Converter version 2.04 Build 103 contains a buffer overflow in its registration form, leading to application crashes and a denial of service. An attacker can create a...

CVE-2026-22027

CryptoLib (NASA’s SDLS-EP implementation) is affected prior to version 1.4.3 by a heap buffer overflow in convert_hexstring_to_byte_array() within the MariaDB SA interface. The function writes decoded bytes into a caller-provided buffer without capacity checks, which can overflow when importing S...

CVE-2023-25601

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the...

CVE-2020-12837

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used...

CVE-2020-12843

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used...

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

CVE-2019-16653

An application plugin in Genius Bytes Genius Server Genius CDDS 3.2.2 allows remote authenticated users to gain admin privileges...

CVE-2006-3419

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000393 advisory. Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more th...

PT-2026-6320

Name of the Vulnerable Software and Affected Versions Bytes versions 1.2.1 through 1.11.0 Description The Bytes library contains a flaw in the BytesMut::reserve function that can lead to an integer overflow. Specifically, an unchecked addition within the reclaim path of BytesMut::reserve can caus...

PT-2026-29046

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data1 can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The...

PT-2026-29060

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The...