325 matches found
CVE-2026-22100
The CVE-2026-22100 entry describes a command injection in the OCPP DataTransfer message ReserveLogin. By manipulating the data value, arbitrary OS commands can be executed with root privileges. Exploitation details, affected versions, and concrete remediation are not provided in the connected doc...
CVE-2026-53162
A flaw was found in the Linux kernel's memory cgroup memcg subsystem. When a non-maskable interrupt NMI occurs during an update of the system's random number generation state, it can lead to corruption of that state. This issue can result in memory cgroup charge draining, potentially causing syst...
CVE-2026-12093
The CVE-2026-12093 entry concerns the WordPress Simple Membership plugin (versions up to and including 4.7.5). The root cause is missing authorization verification, enabling unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded Stripe webhook with a victim...
CVE-2026-43287 drm: Account property blob allocations to memcg
In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013725)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013725 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is...
Real Apple notifications are being used to drive tech support scams
Scammers have found a way to abuse legitimate Apple account notification emails to trick targets into calling fake tech support numbers. According to a report from BleepingComputer, scammers create an Apple account and insert a phishing message into the personal information fields, then modify th...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007621)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007621 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is...
EUVD-2019-20149
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713
MyT-PM 1.5.1 is affected by an SQL injection vulnerability reachable via the Charge[group_total] parameter in POST requests to /charge/admin. The issue allows authenticated attackers to execute arbitrary SQL queries, using error-based, time-based blind, or stacked query payloads to extract data o...
MyT SQL注入漏洞
MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Chargegrouptotal parameter in the /charge/admin endpoint, which may lead to SQL injection...
PT-2026-32175
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegroup total parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...
CVE-2026-4156
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this...
CVE-2026-4157
ChargePoint Home Flex revssh Service Command Injection (CVE-2026-4157) allows network-adjacent attackers to execute arbitrary code as root due to improper validation of a user-supplied string before invoking a system call in OCPP message handling. Authentication is not required. The issue is docu...
CVE-2026-4157 ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The...
CVE-2026-4156
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this...
CVE-2026-4156
Summary: CVE-2026-4156 affects ChargePoint Home Flex. The flaw is a stack-based buffer overflow in the OCPP getpreq handling, caused by improper validation of user-supplied data length copied into a fixed-length buffer. This leads to remote code execution in the context of root for network-adjace...