CVE-2026-0821 quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

CVE-2018-19160

Diamond through 3.0.1.2 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...

CVE-2022-35572

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, and potentially other vendors/devices due to code reuse, the /SysInfo.htm URI does not require a session ID. This web page calls a showsysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS...

CVE-2019-2942

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVE-2019-2676

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Preferences. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

CVE-2020-12258

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259...

CVE-2018-4004

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit...

CVE-2021-2464

Vulnerability in Oracle Linux component: OSwatcher. Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability c...

CVE-2021-2210

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: Quotes. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...

CVE-2021-2452

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

EUVD-2026-0004

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function opSetSloti32/opCallIndirect of the file m3exec.h. Performing manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has ...

EUVD-2025-205688

A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclos...

How BAS Improves Vulnerability Management (And Why)

A vulnerability without context is just a data point. A medium-severity flaw might seem like a low priority, but what if you knew it was being actively used in a new ransomware campaign targeting your industry? This is why threat intelligence is so crucial. The answer to how does BAS improve...

📄 HPE OneView Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...

CVE-2025-14961 code-projects Simple Blood Donor Management System editedcampaign.php sql injection

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now publ...

PT-2025-53535

Уязвимость функции strcpy микропрограммного обеспечения маршрутизаторов Tenda AC18 связана с выходом операции за границы буфера в памяти при обработке аргумента mac. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код или вызвать отказ в...

CVE-2025-14832 itsourcecode Online Cake Ordering System updateproduct.php sql injection

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...

EUVD-2025-203123

A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowbook.php. Such manipulation of the argument rollnumber leads to sql injection. The attack may be launched remotely. The exploit has been...

Varex Imaging Panoramic Dental Imaging Software

RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...