108 matches found
CVE-2024-14026 QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...
PT-2026-24401
Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.34.13 Envoy versions prior to 1.35.8 Envoy versions prior to 1.36.5 Envoy versions prior to 1.37.1 Description Envoy is a high-performance edge/middle/service proxy. A crash may occur in the rate limit filter when the...
EUVD-2026-10211
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading...
CVE-2026-3704
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit ha...
EUVD-2026-8617
@enclave-vm/core is vulnerable to Sandbox Escape...
CVE-2026-3188
A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...
CVE-2026-26057
Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of...
EUVD-2026-4905
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...
UBUNTU-CVE-2026-21892
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...
gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A heap-based buffer overflow in GIMP’s X Window Dump XWD file parser allows an attacker to craft a malicious XWD file or a web page that triggers opening one that can overflow a heap buffer during parsing and lead to remote code execution in the context of the GIMP process. The flaw is tracked as...
CVE-2025-68192
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup Raw IP packets have no MAC header, leaving skb-macheader uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems access the offset due ...
gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A heap-based buffer overflow in GIMP’s X Window Dump XWD file parser allows an attacker to craft a malicious XWD file or a web page that triggers opening one that can overflow a heap buffer during parsing and lead to remote code execution in the context of the GIMP process. The flaw is tracked as...
EUVD-2018-20713
Malware in sbrugna...
EUVD-2018-20581
Malware in sbrugna...
CVE-2025-11283
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
EUVD-2025-25131
Malicious code in bioql PyPI...
CVE-2025-52427
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-11029 givanz Vvveb cross-site request forgery
A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the proje...
CVE-2025-11029 givanz Vvveb cross-site request forgery
A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the proje...
CVE-2025-11026
Summary: CVE-2025-11026 affects givanz Vvveb up to 1.0.7.2, specifically a flaw in the Configuration File Handler that can lead to information disclosure. The vulnerability description indicates remote initiation and that the exploit has been publicly disclosed. The root cause is tied to mis-hand...