865 matches found
CVE-2026-61498
Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...
CVE-2026-61498
CVE-2026-61498 affects Vitec Flamingo 4.12.2. The vulnerability is an unauthenticated OS command injection in the admin/ajax/gen_graphs.php endpoint, where input values from GET parameters (start, end, key, format) are unsafely passed to shell commands via passthru(), enabling remote command exec...
PT-2026-57817
Name of the Vulnerable Software and Affected Versions Vitec Flamingo version 4.12.2 Description An unauthenticated OS command injection exists in the 'admin/ajax/gen graphs.php' endpoint. Remote attackers can execute arbitrary commands with root privileges by providing shell metacharacters throug...
Malicious code in auth-next-gen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe0926f0a2c1f47072efaac014be38bb00c8e9f31f59badf188b1ed74dd5c2ce On require of auth-next-gen, index.js loads lib/writer.js, which at module top level performs an axios GET against a base64-obfuscated URL...
Erlang/OTP 17.0 < 27.3.4.14 / 28.0 < 28.5.0.3 / 29.0 < 29.0.3 Multiple Vulnerabilities
The version of Erlang/OTP installed on the remote host is 17.0 prior to 27.3.4.14, 28.0 prior to 28.5.0.3, or 29.0 prior to 29.0.3. It is, therefore, affected by multiple vulnerabilities: - Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFT...
Malicious code in gen-ai-opt-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653831a01d3068b12688a9f6ae11926a1b1edde27f8f37a6c48f3f0dba99231 On npm install, postinstall.js executes automatically and collects installer host identifiers os.hostname, os.userInfo.username plus public IP/geo da...
MAL-2026-6761 Malicious code in gen-ai-opt-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653831a01d3068b12688a9f6ae11926a1b1edde27f8f37a6c48f3f0dba99231 On npm install, postinstall.js executes automatically and collects installer host identifiers os.hostname, os.userInfo.username plus public IP/geo da...
CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...
EUVD-2026-40990
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sgpage returns struct page pointer not void so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used. Last impacted...
HPESBHF05020 rev.1 - Certain HPE SimpliVity Servers Using Certain AMD EPYC Processors, AMD-SB-3023:AMD Server Vulnerabilities, Multiple Vulnerabilities
Potential Security Impact: Local: Arbitrary Command Execution, Denial of Service DoS, memory corruption, Buffer Overflow SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 325 Gen10 - Prior to SimpliVity Gen10 Support Pack SVTSP 2026-0605- Prior to SimpliVity Gen11...
HPESBHF05017 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01396, 2026.1 IPU, Intel Processor Firmware Advisory, Local Escalation of Privilege Vulnerability
Potential Security Impact: Local: Escalation of Privilege SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 380 Gen11 - Prior to SimpliVity Gen11 Support Pack 20260605 HPE SimpliVity 380 Gen10 Plus - Prior to SimpliVity Gen10 Support Pack 20260605 CVSS Scores: | CVE |...
CVE-2026-46866
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent Next Gen. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...
PT-2026-49972
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Agent Next Gen component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wit...
PT-2026-49974
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent Next Gen. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...
EUVD-2025-210128
Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus o...
EUVD-2025-210124
Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...
CVE-2025-7019
Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus...
CVE-2025-7005
Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for vir...
CVE-2025-7011
This CVE-2025-7011 describes a heap out-of-bounds read in the Avast Gen Digital antivirus engine when processing a malformed ZIP containing XML, potentially enabling local code execution or antivirus process denial-of-service. Affected products include Avast Antivirus, AVG Antivirus, Norton Antiv...
CVE-2025-7011 Avast antivirus heap OOB when scanning a malformed zip file
Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...