
13812 matches found

RedhatCVE
added 2026/01/09 9:29 a.m. | 5 views

CVE-2023-29529

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...

CVSS 5.3 | AI score 6.5 | EPSS 0.00184
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:29 a.m. | 3 views

CVE-2023-50858

Cross-Site Request Forgery CSRF vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34...

CVSS 8.8 | AI score 8.5 | EPSS 0.00055
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:12 a.m. | 4 views

CVE-2022-0903

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body...

CVSS 7.5 | AI score 7.1 | EPSS 0.00262
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:9 a.m. | 3 views

CVE-2026-20026

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

CVSS 5.8 | AI score 6.9 | EPSS 0.00132
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:58 a.m. | 2 views

CVE-2023-31037

NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS...

CVSS 7.2 | AI score 7.6 | EPSS 0.00094
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:54 a.m. | 3 views

CVE-2021-41121

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0...

CVSS 8.8 | AI score 6.9 | EPSS 0.00423
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 6 views

CVE-2021-27256

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVSS 8.8 | AI score 7.4 | EPSS 0.00557
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:49 a.m. | 9 views

CVE-2021-22215

An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects...

CVSS 7.5 | AI score 5.7 | EPSS 0.00203
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:48 a.m. | 5 views

CVE-2025-23186

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

CVSS 8.5 | AI score 7 | EPSS 0.00188
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:48 a.m. | 2 views

CVE-2025-23605

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lampd Call To Action Popup call-to-action-popup allows Reflected XSS. This issue affects Call To Action Popup: from n/a through = 1.0.2...

CVSS 7.1 | AI score 7.2 | EPSS 0.00344
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:47 a.m. | 5 views

CVE-2025-23745

Cross-Site Request Forgery CSRF vulnerability in Tussendoor B.V. Call me Now call-me-now allows Stored XSS. This issue affects Call me Now: from n/a through = 1.0.5...

CVSS 7.1 | AI score 7.2 | EPSS 0.00205
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:43 a.m. | 17 views

CVE-2022-33256

Memory corruption due to improper validation of array index in Multi-mode call processor...

CVSS 9.8 | AI score 7 | EPSS 0.00286
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:35 a.m. | 8 views

CVE-2020-17406

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issu...

CVSS 9 | AI score 7.2 | EPSS 0.11857
Exploits: 0 | References: 1

Zero Day Initiative
added 2026/01/09 12:0 a.m. | 4 views

(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper...

CVSS 8.8 | AI score 7.3 | EPSS 0.00079
Exploits: 0

CVE
added 2026/01/09 12:0 a.m. | 6 views

CVE-2025-70161

CVE-2025-70161 affects the EDIMAX BR-6208AC V2_1.02. The vulnerability is a command injection where the pppUserName field is directly passed to a shell via system() without sanitization, enabling arbitrary code execution. Reported by multiple sources, it has a CVSS v3.1 base score of 9.8 (Network...

CVSS 9.8 | AI score 7.9 | EPSS 0.00582
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/01/09 12:0 a.m. | 3 views

PT-2026-1955

Name of the Vulnerable Software and Affected Versions EDIMAX BR-6208AC version V2 1.02 Description The EDIMAX BR-6208AC version V2 1.02 is susceptible to Command Injection. The issue occurs because the pppUserName field is passed directly to a shell command using the system function without...

CVSS 9.8 | AI score 7.5 | EPSS 0.00582
Exploits: 1 | References: 5

Vulnrichment
added 2026/01/09 12:0 a.m. | 2 views

CVE-2025-70161

EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...

AI score 7.9 | EPSS 0.00582
Exploits: 1 | References: 1

Zero Day Initiative
added 2026/01/09 12:0 a.m. | 3 views

(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the install_frontmatter_requirements function. The issue results from the lack of proper validation ...

CVSS 8.8 | AI score 7.6 | EPSS 0.00225
Exploits: 0

Snyk
added 2026/01/08 4:41 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

CVSS 8.7 | AI score 6.8 | EPSS 0.00112
Exploits: 0 | References: 2

OSV
added 2026/01/08 4:15 p.m. | 5 views

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

CVSS 6.5 | AI score 5.9
Exploits: 0 | References: 3