Lucene search

20 matches found

RedhatCVE
added 2026/05/25 11:37 p.m., 10 views

CVE-2026-40682

A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted dictionary file. This can lead to an XML External Entity (XXE) injection, which allows for the disclosure of local files or enables server-side request forgery (SSRF), where the serve...

9.1 CVSS, 5.8 AI score, 0.00113 EPSS
Exploits 0, References 5

NVD
added 2026/05/12 4:16 p.m., 3 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

8.8 CVSS, 0.00164 EPSS
Exploits 0, References 2

OSV
added 2026/05/07 9:19 a.m., 2 views

CLSA-2026-1778140717 vim: Fix of 10 CVEs

CVE-2022-0158: fix Vim9 reading before start of line with single $ - CVE-2022-0696: fix crash when switching tabpage in cmdline window - CVE-2022-1674: fix crash when matching buffer with invalid pattern - CVE-2022-1725: fix using NULL regexp program in buffer matching - CVE-2022-1771: fix...

7.8 CVSS, 5.9 AI score, 0.00449 EPSS
Exploits 10, References 1

OSV
added 2026/04/12 3:30 p.m., 2 views

GHSA-XXXG-X793-7FQ3 Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

8.8 CVSS, 6.2 AI score, 0.00036 EPSS
Exploits 1, References 6

Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: espeak-ng (CVE-2023-49992)

The version of espeak-ng installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49992 advisory. - Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at...

5.3 CVSS, 5.6 AI score, 0.0002 EPSS
Exploits 1, References 2

NVD
added 2025/08/29 4:15 p.m., 1 views

CVE-2025-9658

A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /xportalassembledesigner/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possibl...

5.4 CVSS, 0.00078 EPSS
Exploits 1, References 6

Cvelist
added 2024/09/02 4:50 p.m., 19 views

CVE-2024-45312 Arbitrary language parameter can be passed to `aspell` executable via spelling requests in overleaf

Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...

5.3 CVSS, 0.01041 EPSS
Exploits 0, References 3

CNNVD
added 2024/09/02 12:0 a.m., 1 views

Overleaf Security Vulnerability

Overleaf is an open source online real-time collaborative LaTeX editor from Overleaf Open Source. A security vulnerability exists in Overleaf. An attacker can exploit the vulnerability to load a dictionary file with an arbitrary filename...

5.3 CVSS, 6.8 AI score, 0.01041 EPSS
Exploits 0, References 4

CNNVD
added 2023/12/12 12:0 a.m., 1 views

eSpeak NG Security Vulnerability

eSpeak NG is an open source software text-to-speech synthesizer from eSpeak NG Open Source. A security vulnerability exists in eSpeak NG version 1.52-dev, which is caused by a buffer overflow in the RemoveEnding method of the dictionary.c file...

5.3 CVSS, 7.3 AI score, 0.0002 EPSS
Exploits 1, References 4

SUSE CVE
added 2023/02/15 4:23 a.m., 1 views

SUSE CVE-2018-16982

Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file...

5.5 CVSS, 6.7 AI score, 0.00297 EPSS
Exploits 1, References 5

PyPA
added 2018/09/13 2:29 a.m., 4 views

PYSEC-2018-153

Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file...

5.5 CVSS, 6.7 AI score, 0.00297 EPSS
Exploits 1, References 2, Affected Software 1

CNVD
added 2017/08/19 12:0 a.m., 2 views

GNU PSPP Denial of Service Vulnerability

GNU PSPP is a free application developed by the GNU Project for data sampling, statistics and analysis. A security vulnerability exists in the 'dictrenamevar' function in the data/dictionary.c file in GNU PSPP version 0.11.0. A remote attacker could exploit this vulnerability to cause a denial of...

7.5 CVSS, 7.4 AI score, 0.00157 EPSS
Exploits 0, References 1

Kitploit
added 2016/12/13 2:23 p.m., 19 views

FTP Password Recovery - Command-line Lost or Forgotten FTP Password Finder Tool for Windows

FTP Password Recovery is a free command-line tool to find your lost or forgotten FTP password for any FTP server. It automatically detects if the target FTP server allows any Anonymous (without password) connections. In case your FTP server is running on a different port (other than port 21) then you c...

7.4 AI score
Exploits 0

0day.today
added 2013/12/16 12:0 a.m., 37 views

UPC Ireland Cisco EPC 2425 Router / Horizon Box

Exploit for hardware platform in category web applications. The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK pass phrase has the following features: • Random • A to Z Uppercase only • 8...

7.1 AI score
Exploits 0

RedHat Linux
added 2012/04/23 4:41 p.m., 0 views

(64bit): NULL pointer dereference by processing of a corrupted Diameter dictionary file

Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file...

4.3 CVSS, 7.2 AI score, 0.01031 EPSS
Exploits 0, References 4

UbuntuCve
added 2011/06/06 7:55 p.m., 25 views

CVE-2011-1958

Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file...

4.3 CVSS, 7.1 AI score, 0.01031 EPSS
Exploits 0, References 3

myhack58
added 2009/06/15 12:0 a.m., 13 views

Hacker attack techniques of brute force method-vulnerability warning-the black bar safety net

Principle:now the lottery is very hot, a person spend two dollars to buy a lottery ticket that might, 5 0 0 million, but this probability is very low;you landed a system, The system ask you a password, you just wrote one, actually Simon's right, this probability and buy the 2 bucks, 5 0 0 million...

7.3 AI score
Exploits 0

myhack58
added 2008/07/25 12:0 a.m., 27 views

python written oracle database passwords scanning tools-vulnerability warning-the black bar safety net

Nothing else, write a small tool. Sweep the oracle password. The level is limited, the python did not get to the bottom, even in the writing tool of the time"or"this conditional statement will not. So everyone will. -----------------------oracle's password,user scan -----------------------code by...

7.2 AI score
Exploits 0

myhack58
added 2007/01/23 12:0 a.m., 14 views

Hacking knowledge series of the Windows NT attacks Encyclopedia-vulnerability warning-the black bar safety net

Typically, the attacker will take the following way of the NT to initiate offense: 1, guess the decryption code hand-guess, automated guessing, the listener guessing; to 2, The remote exploit attack buffer overflow, denial of serviceDDos; the 3, upgrade permissions siphon information, modify the...

1.2 AI score
Exploits 0

exploitpack
added 2006/02/20 12:0 a.m., 19 views

phpBB 2.0.18 - Remote Brute ForceDictionary (2)

phpBB 2.0.18 - Remote Brute ForceDictionary 2 !/usr/bin/perl Title: PhpBB Note: Host the php script and replace the line 34 Php script for the email option because win32 don't support Mail::Mailer Changelog: Bruteforce option | Starting length | Email option | More fast | Die error disabled |...

7.5 AI score
Exploits 0