
171 matches found

Positive Technologies
added 3 days ago, 4 views

PT-2026-45618

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

CVSS 9.8, AI score 6.6, EPSS 0.00255
Exploits: 0, References: 5
Debian CVE
added 2026/05/12 12:00 a.m., 7 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

CVSS 9.8, AI score 6.2, EPSS 0.00087
Exploits: 2
CNNVD
added 2026/05/06 12:00 a.m., 2 views

HCL BigFix RunBookAI command injection vulnerability

HCL BigFix RunBookAI is an artificial intelligence automation product developed by the Indian company HCL. HCL BigFix RunBookAI has a command injection vulnerability. This vulnerability arises from unvalidated command inputs or potential command embedding. There are defects in the component input...

CVSS 8.8, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 1
CNNVD
added 2026/05/06 12:00 a.m., 3 views

HCL BigFix RunBookAI security vulnerability

HCL BigFix RunBookAI is an AI-driven automation platform developed by the American company HCL. HCL BigFix RunBookAI has a security vulnerability, which stems from the continuous presence of insecure input texts. The processing of component inputs poses security risks, increasing the likelihood o...

CVSS 2.7, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 1
OSV
added 2026/04/14 8:00 p.m., 1 view

GHSA-GX38-8H33-PMXR free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

Summary: A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify/subsId PUT handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended modification of existing Policy Data notificatio...

CVSS 6.9, AI score 6, EPSS 0.00033
Exploits: 1, References: 3
CNNVD
added 2026/03/26 12:00 a.m., 2 views

WordPress plugin Simple Download Counter cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4, AI score 5.7, EPSS 0.00084
Exploits: 0, References: 10
OSV
added 2026/03/20 8:46 p.m., 2 views

GHSA-VV7W-QF5C-734W AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php

Summary: The aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data which is written to persistent temp files in /tmp/ with no size cap, no rat...

CVSS 7.5, AI score 6.1, EPSS 0.0061
Exploits: 1, References: 4
CNNVD
added 2026/03/20 12:00 a.m., 3 views

TP-Link AX53 security vulnerability

The TP-Link AX53 is a wireless router produced by TP-Link Corporation. The TP-Link AX53 v1 version has a security vulnerability. This vulnerability stems from insufficient input processing, which may allow authenticated attackers to inject and execute arbitrary commands...

CVSS 9.8, AI score 6, EPSS 0.00326
Exploits: 0, References: 2
CNVD
added 2026/03/16 12:00 a.m., 0 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-13962)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.9, EPSS 0.00041
Exploits: 0, References: 1
CNVD
added 2026/03/16 12:00 a.m., 0 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-13971)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.9, EPSS 0.00041
Exploits: 0, References: 1
CNNVD
added 2026/03/11 12:00 a.m., 2 views

Identifier withdrawn

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

AI score 5.9, EPSS 0.0003
Exploits: 0, References: 1
CNNVD
added 2026/03/11 12:00 a.m., 2 views

Adobe Experience Manager (AEM) cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.9, EPSS 0.00041
Exploits: 0, References: 1
CNNVD
added 2026/03/11 12:00 a.m., 2 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.9, EPSS 0.00041
Exploits: 0, References: 1
CNNVD
added 2026/03/11 12:00 a.m., 2 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.9, EPSS 0.00041
Exploits: 0, References: 1
GithubExploit
added 2026/03/09 3:04 p.m., 102 views

poc-factory-sample-output

Prompt Injection Guardrails Introduction In the rapidly e...

AI score 6
Exploits: 0
CNNVD
added 2026/02/21 12:00 a.m., 4 views

OpenClaw resource management error vulnerability

OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw has a resource management error vulnerability that stems from an ACP bridge accepting too large a block of prompt text, which can be exploited by an attacker to cause problems with the processing of abnorm...

CVSS 4.8, AI score 5.8, EPSS 0.00007
Exploits: 0, References: 5
CNNVD
added 2026/02/14 12:00 a.m., 3 views

WordPress plugin UpMenu – Online ordering for restaurants cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.4, AI score 5.6, EPSS 0.00043
Exploits: 0, References: 3
CNNVD
added 2026/02/14 12:00 a.m., 4 views

WordPress plugin AMP Enhancer – Compatibility Layer for Official AMP Plugin cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 4.4, AI score 5.6, EPSS 0.00042
Exploits: 0, References: 4
Snyk
added 2026/02/01 6:39 a.m., 2 views

Arbitrary Code Execution

Overview: pymobiledevice3 is a pure python3 implementation for working with iDevices (iPhone, etc...). Affected versions of this package are vulnerable to Arbitrary Code Execution via the insecure eval function used to process user-supplied input in the CLI. An attacker can execute arbitrary scripts ...

CVSS 9.8, AI score 5.9
Exploits: 0, References: 3
CNNVD
added 2026/01/13 12:00 a.m., 1 view

SAP Identity Management security vulnerability

SAP Identity Management is a suite of identity management applications from SAP Germany that can be embedded into business processes. A security vulnerability exists in SAP Identity Management that stems from insufficient input processing and could cause an authenticated administrator to submit a...

CVSS 3.8, AI score 5.8, EPSS 0.00048
Exploits: 0, References: 2