7328 matches found
Malicious Package
Overview @bookings.microsoft.com/s is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
IBM: SQL Injection vulnerability found on ibm.com endpoint
A SQL injection vulnerability was found on an ibm.com endpoint. The vulnerability was reported to IBM, analyzed, and remediated...
CleverTap Web SDK 安全漏洞
The CleverTap Web SDK is an open-source developer toolkit developed by CleverTap. Versions of the CleverTap Web SDK prior to 1.15.2 contain security vulnerabilities. These vulnerabilities stem from the source validation in the Visual Builder module, where the includes method is used to check...
Exploit for SQL Injection in Joomla Joomla\!
CVE-2017-8917 Joomla SQLi PoC This repository contains a simp...
CVE-2026-2017
A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...
CVE-2026-2017
A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...
CVE-2026-2017 IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow
A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...
CVE-2026-2017 IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow
A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...
CVE-2026-2017
IP-COM W30AP is affected up to version 1.0.0.11(1340). The vulnerability resides in the R7WebsSecurityHandler of the POST Request Handler at /goform/wx3auth, where manipulating the data argument causes a stack-based buffer overflow. It can be triggered remotely and the exploit is publicly availab...
CVE-2026-1592
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...
Symantec Endpoint Protection Client < 14.3 RU8 Patch 3 / 14.3 RU9 Patch 2 / 14.3 RU10 Patch 1 Multiple Vulnerabilities (36774)
The version of Symantec Endpoint Protection SEP Client installed on the remote host is affected by a multiple vulnerabilities as referenced in the 36774 advisory. - Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privile...
CVE-2026-1592
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...
CVE-2025-13919
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
CVE-2025-13919
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
EUVD-2025-206456
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
CVE-2025-13919
The CVE-2025-13919 entry concerns Symantec Endpoint Protection Client vulnerabilities, specifically a COM Hijacking issue in Windows where references in the COM registry can be hijacked to establish persistence and evade detection. Affected software is SEP Client versions prior to 14.3 RU10 Patch...
CVE-2025-13919
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
CVE-2025-13919 Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
PT-2026-5143
Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions prior to 14.3 RU10 Patch 1 Symantec Endpoint Protection versions prior to 14.3 RU9 Patch 2 Symantec Endpoint Protection versions prior to 14.3 RU8 Patch 3 Description The software may be susceptible to a C...
CVE-2025-67264
CVE-2025-67264 describes an OS command-injection in the com.sprd.engineermode component on Doogee Note59/Note59 Pro/Note59 Pro+. The vulnerability allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, attributed to incomplete patching of CVE-202...