21100 matches found
CVE-2026-34234
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...
CVE-2025-15645
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...
CVE-2025-15645 Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...
CVE-2025-15645
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...
CVE-2025-15645 Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...
CVE-2025-15645
The CVE-2025-15645 affects Ledger Nano X, Flex, and Stax MCU firmware updater. The vulnerability is a denial-of-service in the MCU firmware update process caused by missing validation of the reset_handler parameter during firmware flashing. An attacker could supply a crafted reset_handler address...
EUVD-2026-30984
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...
CVE-2026-34234
CVE-2026-34234 affects CtrlPanel (open-source hosting-provider billing) versions up to 1.1.1. The web installer at public/installer/index.php executes form handlers before install.lock gating and uses unsanitized user input in shell commands, enabling unauthenticated RCE. A PoC demonstrates a cra...
CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...
cpython: Header injection via newlines in data URL mediatype in Python
Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
GHSA-W4VJ-R5PG-3722 Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)
Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...
GHSA-29WV-CV7P-XJC2 GlassFish's gadget handler is vulnerable to RCE
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-2587
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
Algernon: handler.lua discovery walks parent directories above the server root
Summary When Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancest...
CVE-2026-2587
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-2587
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-2587
CVE-2026-2587 describes a critical RCE in the server-side template rendering used by the Glassfish gadget handler. The flaw arises when processing .xml files, evaluating user-supplied values as Expression Language (EL) expressions without proper sanitization, e.g., #{7*7}, enabling server-side EL...
Advisory ROSA-SA-2026-3275
software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-4 affected versions libssh-0.9.8-4 CVE-ID: CVE-2026-3731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A read outside allocated buffer vulnerability in the SFTP Extension Name Handler component of the libssh library allows a...
cpython: Header injection via newlines in data URL mediatype in Python
Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CLSA-2026-1779179106 php: Fix of 2 CVEs
CVE-2026-7261: SOAP UAF on SoapServer::handle header-handler failure - CVE-2026-7262: SOAP tozvalmap NULL pointer dereference...