928 matches found
CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes
FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...
AutoGPT 授权问题漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Versions of AutoGPT prior to 0.6.48 contained an authorization vulnerability. This vulnerability stemmed from the lack of enforceable disable flags during graphical verification, allowing...
[SECURITY] Fedora 42 Update: tuigreet-0.9.1-7.fc42
Graphical console greeter for greetd...
[SECURITY] Fedora 43 Update: tuigreet-0.9.1-7.fc43
Graphical console greeter for greetd...
[SECURITY] Fedora 42 Update: openqa-5^20250711git28a0214-4.fc42
openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from a concurrency issue in the graphical module’s reutilization...
USN-8003-1 openjdk-21-crac vulnerabilities
It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...
ROS-20260129-73-0024
A vulnerability in the GIMP graphical editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information and cause a denial of service via a malicious file...
Exploit for CVE-2026-24061
CVE-2026-24061 Vulnerability Detection and Exploitation Tool...
Exploit for CVE-2026-24061
CVE-2026-24061 Vulnerability Detection and Exploitation Tool...
Exploit for Deserialization of Untrusted Data in Facebook React
🔍 Next.js Security Testing Tool Professiona...
MiracleLinux 8 : qt5-qtbase-5.15.3-5.el8 (AXSA:2023-7239:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7239:02 advisory. qt: buffer over-read via a crafted reply from a DNS server CVE-2023-33285 qt: allows remote attacker to bypass security restrictions caused by flaw ...
CVE-2021-22804
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...
CVE-2021-22709
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF Configuration Group File fil...
CVE-2021-22710
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF Configuration Group File file is imported to IGS...
CVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...
CVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...
CVE-2021-22711
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...
Exploit for Deserialization of Untrusted Data in Facebook React
🔍 Next.js Security Testing Tool Professiona...
Exploit for Deserialization of Untrusted Data in Facebook React
🔍 Next.js Security Testing Tool Professiona...