131 matches found
CVE-2026-8733 Investintech SlimPDFReader SlimPDFReader.exe sub_3B4610 stack-based overflow
A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and...
CVE-2025-15471
A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The...
EUVD-2025-204794
Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface could lead to an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to...
GLSA-202409-26 : IcedTea: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-26 IcedTea: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
GLSA-202408-32 : PHP: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-32 PHP: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...
Franklin Electric Fueling Systems Colibri
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Electric Fueling Systems Equipment: Colibri Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Design/Logic Flaw
WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: via...
vm2 End of Life (EOL) Detection
The vm2 version on the remote host has reached the end of life (EOL) and should not be used anymore. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
CVE-2023-37466 vm2 Sandbox Escape vulnerability
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with the @@species accessor property...
Authentication flaw
Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming...
GHSA-GGRH-GRJ3-VFVW Package discontinued because Bitly lowered the free quota
On November 17, 2022, an email was received from Bitly advising that the new link quota per free token is lowered to 50 per month from its previous value of 1000 per month. As per the email, this change is effective on December 8, 2022. The new quota is so low as to not be useful. For this reason...
Package discontinued because Bitly lowered the free quota
On November 17, 2022, an email was received from Bitly advising that the new link quota per free token is lowered to 50 per month from its previous value of 1000 per month. As per the email, this change is effective on December 8, 2022. The new quota is so low as to not be useful. For this reason...
GHSA-9R2J-RG24-FVPJ FrozenNode Laravel-Administrator unrestricted file upload
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload and consequently Remote Code Execution via admin/tipsimage/image/fileupload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued...
rental is unmaintained, author has moved on
The author encourages users to explore other solutions, or maintain a fork. Maintained alternatives include: ouroboros, fortify, escher...
Schneider Electric GUIcon
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: GUIcon Vulnerabilities: Out-of-bounds Write, Use After Free, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary...
CVE-2021-39230
Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommended to update to the Trinity kernel. There are no workarounds...
Digi PortServer TS 16
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Digi International, Inc. Equipment: PortServer TS 16 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability allows write access, which grants control of...
Monstra CMS End of Life (EOL) Detection
The remote host is using Monstra CMS which is discontinued and will not receive any security updates. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Security Bulletin: Streams service for IBM Cloud Pak for Data might be affected by some underlying WebSphere Liberty vulnerabilities
Summary Streams service for IBM Cloud Pak for Data might be affected by some underlying WebSphere Liberty vulnerabilities Vulnerability Details CVEID: CVE-2021-20492 DESCRIPTION: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injecti...