12 matches found
CVE-2026-0924
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions. This issue affects BuhoCleaner: 1.15.2...
PT-2025-36333
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 14.8.2 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. The software includes insecure functions: SeekBlob, which allows advancing the stream offset beyond...
CVE-2020-25232
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...
CVE-2024-41335
Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...
CVE-2024-41335
Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...
CVE-2024-41335
CVE-2024-41335 affects DrayTek Vigor routers (multiple models) with vulnerable firmware versions that use insecure implementations of strcmp and memcmp. The root cause is timing-based information disclosure via these insecure comparisons, which may allow attackers to obtain sensitive data. Affect...
CVE-2024-41335
Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...
Exploit for Race Condition in OpenBSD OpenSSH
CVE-2024-6387 Proof of Concept PoC Description This rep...
PT-2024-21652 · Querybook · Querybook
Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.31.2 Description: The issue arises from the use of dangerouslySetInnerHTML when highlighting search results, which can trigger an XSS payload if the result contains malicious code. Additionally, during "query...
CVE-2022-23006 Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another...
cups-pk-helper privilege escalation
Insecure CUPS functions call...
hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities
Advisory: hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities Release Date: 2006/07/18 Last Modified: 2006/07/18 Author: Tamriel tamriel at gmx dot net Application: hdweGUEST 2.1.1 Risk: Low Vendor Status: contacted | no reply | no patch available...