
21 matches found

Information Security Automation
added 2026/05/19 8:0 a.m. · 9 views

May Microsoft Patch Tuesday

May Microsoft Patch Tuesday. A total of 119 vulnerabilities, approximately 1.5 times fewer than in April. There are currently no vulnerabilities marked as actively exploited in the wild. However, there is one vulnerability with a public exploit: 🔸 EoP - Windows Kernel CVE-2026-40369. A detailed...

9.9 CVSS · 6.7 AI score · 0.00095 EPSS
Exploits: 12

RedhatCVE
added 2025/12/15 3:36 p.m. · 2 views

CVE-2025-14542

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5 CVSS · 6.9 AI score · 0.00048 EPSS
Exploits: 0 · References: 1

NVD
added 2025/12/13 4:16 p.m. · 2 views

CVE-2025-14542

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5 CVSS · 0.00048 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/12/13 9:59 a.m. · 2 views

EUVD-2025-203260

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5 CVSS · 6.5 AI score · 0.00048 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-2535

Malware in sbrugna...

4.3 CVSS · 4.9 AI score · 0.0025 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 4:59 p.m. · 4 views

CVE-2020-4042

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...

6.8 CVSS · 6.6 AI score · 0.00184 EPSS
Exploits: 0

Tenable Nessus
added 2025/03/05 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2020-26139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully...

5.3 CVSS · 6.8 AI score · 0.02254 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/05 6:32 a.m. · 2 views

CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size...

7.5 CVSS · 7.2 AI score · 0.01179 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/07 12:0 a.m. · 1 views

PT-2024-3999 · Gnome +9 · Gnome Glib +9

Name of the Vulnerable Software and Affected Versions: GNOME GLib versions prior to 2.78.5 GNOME GLib versions 2.79.x GNOME GLib versions 2.80.x prior to 2.80.1 Description: An issue was discovered in GNOME GLib where a GDBus-based client subscribing to signals from a trusted system service, such...

9.8 CVSS · 6.5 AI score · 0.03091 EPSS
Exploits: 2 · References: 107

CNNVD
added 2023/10/13 12:0 a.m. · 0 views

Samba Security Vulnerabilities

Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba 4.1 and earlier versions that can be exploited by a client to truncate files with read-only permissions...

6.5 CVSS · 6.7 AI score · 0.00438 EPSS
Exploits: 0 · References: 9

CNVD
added 2021/01/22 12:0 a.m. · 1 views

Himalaya (Windows client) suffers from a dll hijacking vulnerability (CNVD-2021-10375)

Himalaya is a professional audio sharing platform. A dll hijacking vulnerability exists in Himalaya Windows client, which can be exploited by attackers to execute arbitrary malicious code via the client...

7.8 AI score
Exploits: 0

Hacker One
added 2019/03/05 3:6 p.m. · 29 views

Valve: Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution

A crafted map detailed texture file maps/detail.txt can be used to exploit a stack overflow vulnerability in hw.dll that can lead to remote code execution. Reproduction I used Counter-Strike for PoCs. Using a listen server - Place attached csassaultdetail.txt in cstrike/maps folder - Start the ga...

0.4 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 40 views

SapporoWorks Black JumboDog 2.6.4/2.6.5 HTTP Proxy Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3858/info Black JumboDog 2.6.4 and 2.6.5 HTTP proxy is vulnerable to an exploitable buffer overflow. The buffer overflow can be exploited by sending excessively long expires, if-modified-since, and LastModified strings...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2012/05/16 12:0 a.m. · 11 views

NACElink CS Manager - Persistent Web Vulnerability

Document Title: NACElink CS Manager - Persistent Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=488. Release Date: 2012-05-16. Vulnerability Laboratory ID (VL-ID): 488. Comm...

7.4 AI score
Exploits: 0

Packet Storm
added 2007/12/18 12:0 a.m. · 53 views

wconnect-xss.txt

HSC WCONNECT WC.DLL Cross-Site Scripting Vulnerability West Wind Web Connection is a tool for building Web applications using the Visual FoxPro environment but is also vulnerable to Cross-Site Scripting attacks. Admins need to password protect the application since it's installed without password...

7.4 AI score
Exploits: 0

securityvulns
added 2007/09/13 12:0 a.m. · 92 views

Boinc Forum Cross Site Scripting Vulnerability

HSC Boinc Forum Cross Site Scripting Vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

1.2 AI score
Exploits: 0

OSV
added 2007/09/12 1:17 a.m. · 5 views

CVE-2007-4752

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...

7.5 AI score
Exploits: 0 · References: 30

exploitpack
added 2005/04/02 12:0 a.m. · 18 views

Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC)

Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow PoC source: https://www.securityfocus.com/bid/12977/info A buffer overflow is present in Jedi Academy that can be exploited remotely by client systems. The overflow is due to the use of the sprintf function in a text visualization...

0.4 AI score
Exploits: 0

securityvulns
added 2004/08/30 12:0 a.m. · 27 views

ignitionServer DoS

Insufficient restrictions on the "SERVER" command can be exploited by clients to introduce non-existing servers to the network...

4.2 AI score
Exploits: 0 · References: 1 · Affected Software: 1

CERT
added 2002/12/10 12:0 a.m. · 20 views

Multiple FTP clients contain directory traversal vulnerabilities

Overview Multiple File Transfer Protocol FTP clients contain directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant the client requests a file while a second participant the...

5 CVSS · 6.1 AI score · 0.02126 EPSS
Exploits: 0 · References: 1