44 matches found
CVE-2026-10173 Orthanc Explorer 2 URL StudyList.vue cross site scripting
A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...
Astra Linux - vulnerability in binutils
There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...
CVE-2019-25592 PHPRunner 10.1 Denial of Service via Dashboard Name Field
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...
CVE-2019-25591 DNSS Domain Name Search Software 2.1.8 Denial of Service
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious registration code...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2026-1024)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for...
TencentOS Server 3: graphviz (TSSA-2023:0148)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0148 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2017-2971
Malware in sbrugna...
EUVD-2020-18338
Malware in sbrugna...
EUVD-2016-1711
Malware in sbrugna...
EUVD-2021-31325
Malicious code in bioql PyPI...
EUVD-2022-6096
Malicious code in bioql PyPI...
EUVD-2021-31337
Malicious code in bioql PyPI...
EUVD-2024-33572
Malicious code in bioql PyPI...
EUVD-2021-31328
Malicious code in bioql PyPI...
EUVD-2024-41883
Malicious code in bioql PyPI...
Reachable Assertion
Overview: Affected versions of this package are vulnerable to Reachable Assertion in the torch.linalg.lu function. In AOTAutograd mode LU decomposition can't accept slice operation, and an attacker can cause the application to become unresponsive or crash if backend="aoteager" by providing speciall...
WordPress plugin Aitasi Coming Soon code issue vulnerability
WordPress Aitasi Coming Soon plugin is a plugin for creating professional Coming Soon or maintenance mode pages that can be built quickly without coding or design skills. The WordPress Aitasi Coming Soon plugin suffers from a deserialization vulnerability that arises from unsafe...
Linux Distros Unpatched Vulnerability : CVE-2019-1010266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack...
CVE-2025-0695
An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input...
CVE-2025-2921
Netis WF-2404 (version 1.1.124EN) is affected by CVE-2025-2921, involving an unknown function in the /etc/passwd file. Reports indicate that manipulating input labeled as Realtek can cause the device to rely on a default password, enabling an attack on the physical device. The CVE’s access vector...