Hono 资源管理错误漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.16 contained a resource management vulnerability. This vulnerability stemmed from the fact that the bodyLimit function did not reliably enforce the maxSize for requests without an available...

Flowise < 3.0.5 - Missing Authentication for Critical Function

Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-58434 from requests import post fr...

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

Linux Distros Unpatched Vulnerability : CVE-2026-43477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling...

EUVD-2026-29604

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

EUVD-2026-29511

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

CVE-2026-41088

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-35416

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-34345

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-34344

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-42144

A flaw was found in the CImg library. An integer overflow vulnerability in the WHD size computation inside loadpnm can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around, allocating an undersized buffer and potentially...

CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-41088

CVE-2026-41088 affects Windows: External control of file name or path in the Windows Ancillary Function Driver for WinSock can allow an authorized local user to elevate privileges. The available connected records corroborate the issue description (Windows WinSock driver path/name control enabling...

CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-35416

CVE-2026-35416 describes a local privilege escalation due to a use-after-free in the Windows Ancillary Function Driver for WinSock. The description in the connected documents confirms the vulnerable component and the root cause as a use-after-free, leading to elevation of privileges for an author...

CVE-2026-34345

CVE-2026-34345 describes a race condition in the Windows Ancillary Function Driver for WinSock that allows local privilege escalation when a shared resource is improperly synchronized. Connected sources confirm the vulnerability affects Windows components and has been addressed by the May 2026 up...

CVE-2026-34344

Technical details about CVE-2026-34344 are not publicly provided in the supplied connected documents. The available descriptions are generic; monitor for official disclosures, patches, and affected products in subsequent updates.

CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...