18335 matches found
GHSA-H535-J5HR-MV56 DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...
CVE-2025-59174
Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...
EUVD-2025-210074
Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...
CVE-2025-59174
Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...
CVE-2025-59174
Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...
CVE-2025-59174
CVE-2025-59174 affects Ericsson Packet Core Controller (PCC) versions prior to 1.39. The issue is triggered by an attacker sending a large volume of specially crafted messages, resulting in service degradation. The public documents do not specify a root cause beyond this behavior, nor provide a c...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
CVE-2026-36501
CVE-2026-36501 affects Controller v12.0.5, specifically the Externalizable.readExternal() component. The issue allows an attacker to trigger a Denial of Service (DoS) by supplying crafted input. The available documents do not provide additional exploit details, affected subcomponents beyond Exter...
CVE-2026-36500
CVE-2026-36500 describes a directory-traversal vulnerability in the cluster-admin:backup-datastore component of Controller v12.0.5, exploitable through a crafted request. The connected documents confirm the affected component and version but provide no exploit details, impact specifics beyond dir...
PT-2026-47009
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
EUVD-2026-34866
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
PT-2026-46957
Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...
PT-2026-47010
An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...
EUVD-2026-34867
An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-36501
An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-36500
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
CVE-2026-36500
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
CVE-2026-36501
An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...