
21 matches found

Positive Technologies
added 3 days ago · 4 views

PT-2026-45618

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

CVSS 9.8 · AI score 6.6 · EPSS 0.00255
Exploits: 0 · References: 5

Cvelist
added 5 days ago · 25 views

CVE-2018-25423 Arm Whois 3.11 Denial of Service via Buffer Overflow

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

CVSS 6.9 · EPSS 0.00012
Exploits: 0 · References: 4

Positive Technologies
added 5 days ago · 5 views

PT-2026-45123

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

CVSS 6.9 · AI score 6 · EPSS 0.00012
Exploits: 0 · References: 5

GithubExploit
added 2026/03/11 8:53 p.m. · 293 views

claude-code-pentest

claude-code-pentest 6 Claude Code skills that automate th...

AI score 5.8
Exploits: 0

Snyk
added 2026/03/05 2:7 a.m. · 1 view

CRLF Injection

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to CRLF Injection via the setCookie utility. An attacker can inject unauthorized cookie attributes by supplying specially crafted input containing semicolons, carriage returns, or newline...

CVSS 6.3 · AI score 5.8 · EPSS 0.0004
Exploits: 0 · References: 2

UbuntuCve
added 2026/01/27 4:16 p.m. · 2 views

CVE-2025-68670

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...

CVSS 9.8 · AI score 7.9 · EPSS 0.00207
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-17267

Malware in sbrugna...

CVSS 8.4 · AI score 7.6 · EPSS 0.00033
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 7:39 p.m. · 4 views

CVE-2021-30336

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables...

CVSS 8.4 · AI score 7.7 · EPSS 0.00033
Exploits: 0 · References: 1

GithubExploit
added 2025/03/23 7:41 p.m. · 184 views

Exploit for CVE-2025-29927

CVE-2025-29927-PoC-Exploit Proof-of-Concept for Authorization...

CVSS 9.1 · AI score 7.2 · EPSS 0.92118
Exploits: 55

NVD
added 2024/04/17 1:15 p.m. · 8 views

CVE-2024-30952

A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...

CVSS 6.1 · AI score 5.4 · EPSS 0.0021
Exploits: 0 · References: 1

Vulnrichment
added 2024/04/17 12:0 a.m. · 8 views

CVE-2024-30952

A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...

AI score 5.6 · EPSS 0.0021
Exploits: 0 · References: 1

CVE
added 2024/04/17 12:0 a.m. · 54 views

CVE-2024-30952

PESCMS-TEAM v2.3.6 contains a stored XSS vulnerability exploitable via a crafted payload in the domain input field at /youdoamin/?g=Team&m=Setting&a=action. Affected component: domain input handling in the API endpoint; impact: execution of arbitrary web scripts/HTML. Some sources mention a tempo...

CVSS 6.1 · AI score 5.6 · EPSS 0.0021
Exploits: 0 · References: 1

CNNVD
added 2024/04/17 12:0 a.m. · 1 view

PESCMS Security Vulnerability

PESCMS is a content publishing platform. A security vulnerability exists in PESCMS-TEAM version v2.3.6, which stems from a stored cross-site scripting (XSS) vulnerability in component/youdoamin. An attacker can exploit the vulnerability to execute arbitrary web script or HTML code by injecting a...

CVSS 6.1 · AI score 5.7 · EPSS 0.0021
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/17 12:0 a.m. · 1 view

PT-2024-23689 · Unknown · Pescms Team

Name of the Vulnerable Software and Affected Versions: PESCMS-TEAM version 2.3.6. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under the...

CVSS 6.1 · AI score 5.7 · EPSS 0.0021
Exploits: 0 · References: 4

NVD
added 2022/01/03 8:15 a.m. · 16 views

CVE-2021-30336

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables...

CVSS 8.4 · EPSS 0.00033
Exploits: 0 · References: 1

Prion
added 2022/01/03 8:15 a.m. · 15 views

Design/Logic Flaw

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables...

CVSS 7.2 · AI score 7.6 · EPSS 0.00033
Exploits: 0 · References: 1

Cvelist
added 2022/01/03 7:26 a.m. · 18 views

CVE-2021-30336

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables...

CVSS 8.4 · AI score 8.5 · EPSS 0.00033
Exploits: 0 · References: 1

CVE
added 2022/01/03 7:26 a.m. · 52 views

CVE-2021-30336

CVE-2021-30336 affects Qualcomm Snapdragon components across Auto, Compute, Connectivity, Industrial IoT and Wearables. The vulnerability is a local out-of-bounds read caused by insufficient domain input validation when handling APK close session requests, leading to potential memory corruption w...

CVSS 8.4 · AI score 7.6 · EPSS 0.00033
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2018/09/26 12:0 a.m. · 3 views

Jobs Factory SQL Injection Vulnerability in Joomla!

Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Jobs Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form submission or...

CVSS 9.8 · AI score 9.7 · EPSS 0.02512
Exploits: 5 · References: 1

Tenable Nessus
added 2016/07/14 12:0 a.m. · 38 views

Fedora 24 : xen (2016-389be30b95)

fix for CVE-2016-2858 doesn't build with qemu-xen enabled; Unsanitised guest input in libxl device handling code XSA-175, CVE-2016-4962 1342132; Unsanitised driver domain input in libxl device handling XSA-178, CVE-2016-4963 1342131; arm: Host crash caused by VMID exhaust XSA-181 1342530; Qemu:...

CVSS 6.8 · AI score 6.4 · EPSS 0.00137
Exploits: 0 · References: 8