19 matches found
Exploit for CVE-2026-5172
CVE20265172poc CVE-2026-5172: buffer overflow in extractaddre...
CVE-2026-41883
OmniFaces is affected by a server-side EL injection in CDNResourceHandler when using a wildcard CDN mapping (for example libraryName:=https://cdn.example.com/). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side, leading ...
CVE-2026-41205
A flaw was found in Mako, a Python template library. This vulnerability, known as path traversal, allows an attacker to access files outside of the intended directory. By providing a specially crafted input to the TemplateLookup.get_template function, a remote attacker can exploit an inconsistency...
MiracleLinux 7 : wget-1.14-13.el7 (AXSA:2016-1111:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-1111:01 advisory. GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you ar...
CVE-2026-1002
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...
CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
LXD Security Vulnerability
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from a specially crafted resource name embedded in a URL path that could lead to a path traversal attack...
SUSE CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...
CVE-2022-0135
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution...
Vfsjfilechooser2 Security Vulnerability
Vfsjfilechooser2 is an open source vfsjfilechooser project's mavenized branch. It is a replacement for Java's JFileChooser Swing component. A security vulnerability exists in Vfsjfilechooser2 0.2.9 and earlier, which stems from a Regular Expression Denial of Service (ReDOS) that occurs when an...
Pulse Secure Pulse Connect Secure Code Injection Vulnerability
Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure in the United States. A code injection vulnerability exists in Pulse Secure PCS versions prior to 9.1RB. The vulnerability can be exploited by an attacker to execu...
Multiple Samsung Android Mobile Phones Denial of Service Vulnerabilities
Samsung Android is a line of Android smartphones from the South Korean company Samsung. A security vulnerability exists in Samsung Android devices. The vulnerability can be exploited by an attacker with the help of a specially crafted resource profile to cause a system crash, resulting in a denia...
JSF: Information disclosure due to missing access restriction in portlet resource dispatching
It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet's default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to...
CVE-2015-0764
Cisco Unified MeetingPlace 8.61.9 allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603...
bind: specially crafted resource record causes named to exit
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record...
Memory corruption
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork...
CVE-2009-2803
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork...
Memory corruption
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption...
CVE-2009-0020
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption...