589360 matches found
Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd:...
PT-2026-45578
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A heap buffer overflow exists in multiple functions within sdp discovery.cc. This flaw allows for remote code execution in proximal or adjacent network environments without requiring addition...
Malicious code in @redhat-cloud-services/notifications-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
PT-2026-45457
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
IBM WebSphere Application Server๏ผWAS๏ผ ไปฃ็ ้ฎ้ขๆผๆด
IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Versions 9.0 and 8.5 of IBM WebSphere Application Server contained code...
Security Vulnerabilities fixed in Firefox for iOS 151.2 โ Mozilla
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. Firefox for iOS Reader Vi...
PUB-A-481652714
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PUB-A-449726527
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
๐ Apache ActiveMQ Jolokia Remote Code Execution
This is a proof of concept security research tool that evaluates a potential authenticated remote code execution pathway through the Jolokia management interface exposed by Apache ActiveMQ. The tool authenticates to the broker, discovers configuration details, interacts with JMX operations expose...
Apache ActiveMQ ๅฎๅ จๆผๆด
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the default access policy of the...
PT-2026-45373
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...
PUB-A-449725960
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PUB-A-479911219
In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
ArmCode Arm Whois ๅฎๅ จๆผๆด
ArmCode Arm Whois is a web information query tool developed by ArmCode Corporation. Version 3.11 of ArmCode Arm Whois contains a security vulnerability. This vulnerability stems from a stack buffer overflow, which could allow remote attackers to execute arbitrary code by providing excessive input...
Langroid ไปฃ็ ๆณจๅ ฅๆผๆด
Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.63.0 contained a code injection vulnerability. This vulnerability stemmed from SQLChatAgent executing SQL statements generated by the LLM. It could be exploited via prompt...
ASB-A-447536200
In multiple functions of sdpdiscovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45442
A critical Remote Code Execution RCE vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...
HP Poly Voice ๅฎๅ จๆผๆด
HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...
PT-2026-45420
Name of the Vulnerable Software and Affected Versions HP Poly VVX series affected versions not specified HP Poly Trio 8300 affected versions not specified HP Poly Trio 8500 affected versions not specified HP Poly Trio 8800 affected versions not specified Description A stack-based buffer overflow...
Poly Voice โ Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform. HP Poly recommends admins disable ICE connectivity when not required...