425 matches found
MAL-2026-2596 Malicious code in @spreadjs/js-calc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7909a65c6a2c928f12a2333a6e1c53c7dea90685fe7b2be35f120654a6f86d7 The package @spreadjs/js-calc was found to contain malicious code. Source: ghsa-malware...
UBUNTU-CVE-2019-25695
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...
PT-2026-32162
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...
PT-2026-31646
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe page hash calc. When page hash processing is performed on a PE file, the function...
CVE-2025-12886
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laboratorcalcroute AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...
EUVD-2025-209108
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laboratorcalcroute AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...
CVE-2025-12886
The Oxygen Theme for WordPress (versions up to 6.0.8) is vulnerable to unauthenticated Server-Side Request Forgery via the laborator_calc_route AJAX action. This allows an attacker to issue web requests from the application to arbitrary locations, potentially querying and modifying information fr...
PT-2026-27007
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...
UBUNTU-CVE-2026-23047
In the Linux kernel, the following vulnerability has been resolved: libceph: make calctarget set t-paused, not just clear it Currently calctarget clears t-paused if the request shouldn't be paused anymore, but doesn't ever set t-paused even though it's able to determine when the request should be...
CVE-2026-23047
In the Linux kernel, the following vulnerability has been resolved: libceph: make calctarget set t-paused, not just clear it Currently calctarget clears t-paused if the request shouldn't be paused anymore, but doesn't ever set t-paused even though it's able to determine when the request should be...
CVE-2026-23047
In the Linux kernel, the following vulnerability has been resolved: libceph: make calctarget set t-paused, not just clear it Currently calctarget clears t-paused if the request shouldn't be paused anymore, but doesn't ever set t-paused even though it's able to determine when the request should be...
CVE-2026-23047 libceph: make calc_target() set t->paused, not just clear it
In the Linux kernel, the following vulnerability has been resolved: libceph: make calctarget set t-paused, not just clear it Currently calctarget clears t-paused if the request shouldn't be paused anymore, but doesn't ever set t-paused even though it's able to determine when the request should be...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the pause state for the calctarget component. This vulnerability may cau...
EUVD-2020-30932
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted inp...
EUVD-2020-30941
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching...
CVE-2020-37031
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memo...
PT-2026-5477
Name of the Vulnerable Software and Affected Versions RM Downloader version 2.50.60 Description RM Downloader version 2.50.60 contains a local buffer overflow issue in the Load parameter. This allows attackers to execute arbitrary code by overwriting memory. An attacker can create a malicious...
MiracleLinux 9 : libreoffice-7.1.8.1-11.el9.ML.2 (AXSA:2023-7005:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7005:05 advisory. libreoffice: Empty entry in Java class path CVE-2022-38745 libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 libreoffice:...
MiracleLinux 9 : kernel-5.14.0-362.24.1.el9_3 (AXSA:2024-7637:09)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7637:09 advisory. kernel: inactive elements in nftpipapowalk CVE-2023-6817 kernel: netfilter: use-after-free in nfttransgccatchallsync leads to privilege escalation...
MiracleLinux 8 : libreoffice-6.4.7.2-15.el8.ML.1 (AXSA:2023-7259:06)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7259:06 advisory. libreoffice: Empty entry in Java class path CVE-2022-38745 libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 libreoffice:...