Lucene search

48 matches found

OSV
added 2026/03/27 8:34 p.m. | 2 views

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

CVSS 8.6 | AI score 6.1 | EPSS 0.00077
Exploits: 1 | References: 3

GithubExploit
added 2026/02/26 5:28 p.m. | 132 views

Exploit for CVE-2026-2636

CVE-2026-2636: CLFS.sys Unrecoverable State Leading to BSoD !...

CVSS 5.5 | AI score 5.6 | EPSS 0.00057
Exploits: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-0543

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00608
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/27 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2022-32546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untruste...

CVSS 7.8 | AI score 6.7 | EPSS 0.00123
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/25 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-9108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the jsregcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to...

CVSS 7.5 | AI score 7.8 | EPSS 0.01499
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/24 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-2901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris'...

CVSS 8.8 | AI score 8.4 | EPSS 0.01064
Exploits: 1 | References: 2

Cvelist
added 2025/08/11 12:02 p.m. | 9 views

CVE-2025-8845 NASM Netwide Assembler nasm.c assemble_file stack-based overflow

A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be...

CVSS 5.3 | EPSS 0.00051
Exploits: 1 | References: 5

Tenable Nessus
added 2025/08/08 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-1975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. CVE-2022-1975...

CVSS 5.5 | AI score 6.7 | EPSS 0.00023
Exploits: 0 | References: 2

Positive Technologies
added 2025/07/15 12:00 a.m. | 1 view

PT-2025-35985

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel where the hfsplus create attributes file function incorrectly uses BUG_ON. This occurs when the volume header contains incorrect values, leading to an...

CVSS 5.5 | AI score 5.9 | EPSS 0.0002
Exploits: 0

RedhatCVE
added 2025/05/22 4:18 p.m. | 3 views

CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to log in to the cgi-bin/luci/quick/wizard management interfac...

CVSS 9.8 | AI score 7 | EPSS 0.0034
Exploits: 0

CNNVD
added 2024/07/29 12:00 a.m. | 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of the strlen function instead of the strnlen function for algorithm and coefficient name string...

CVSS 5.5 | AI score 6.5 | EPSS 0.00018
Exploits: 0 | References: 5

CNNVD
added 2023/06/18 12:00 a.m. | 2 views

Ruijie Networks RG-EW1200G access control error vulnerability

The Ruijie Networks RG-EW1200G is a wireless router from Ruijie Networks China. Ruijie Networks RG-EW1200G EW3.01B11P204 version has an access control error vulnerability that stems from a problem with the file app.09df2a9e44ab48766f5f.js, which can lead to incorrect access control...

CVSS 9.8 | AI score 7.4 | EPSS 0.56905
Exploits: 5 | References: 4

SUSE CVE
added 2023/02/15 6:00 a.m. | 2 views

SUSE CVE-2010-0791

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab file that persists after the program exits...

CVSS 2.1 | AI score 6.4 | EPSS 0.00064
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 4:56 a.m. | 1 view

SUSE CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

CVSS 7.5 | AI score 9.4 | EPSS 0.1091
Exploits: 0 | References: 8

SUSE CVE
added 2023/02/15 4:49 a.m. | 2 views

SUSE CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parsefile function. These might lead to invalid read and write operations, controlled by an attacker...

CVSS 7.8 | AI score 7.1 | EPSS 0.00443
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:41 a.m. | 1 view

SUSE CVE-2017-12775

qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts...

CVSS 7.5 | AI score 7 | EPSS 0.00235
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:38 a.m. | 1 view

SUSE CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file...

CVSS 5.3 | AI score 6.4 | EPSS 0.0026
Exploits: 1 | References: 3

CNNVD
added 2023/01/20 12:00 a.m. | 2 views

byacc security vulnerability

byacc is an open source syntax parser generation tool from openeuler. A security vulnerability exists in openEuler byacc, which stems from an infinite loop in the nextinline function of the morecurly function when processing a file...

CVSS 5.5 | AI score 6.3 | EPSS 0.00043
Exploits: 0 | References: 2

OSV
added 2022/10/11 8:15 p.m. | 1 view

CVE-2022-20413

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10...

CVSS 5.5 | AI score 5.9
Exploits: 0 | References: 1

CNNVD
added 2022/05/24 12:00 a.m. | 2 views

Halibut resource management error vulnerability

Halibut is a secure, RPC-based open source communication framework from the individual developers of Octopus Deploy. A security vulnerability exists in Halibut version 1.2, which stems from a use-after-free issue in cleanupindex in index.c. The vulnerability is caused by an unspecified text...

CVSS 7.8 | AI score 7.5 | EPSS 0.00256
Exploits: 1 | References: 3