
12 matches found

RedhatCVE
added 2026/03/26 3:11 p.m., 1 view

CVE-2026-32310

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

CVSS 5.3, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 1
Cvelist
added 2026/03/20 6:19 p.m., 19 views

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

CVSS 4.1, EPSS 0.00036
Exploits: 0, References: 4
Positive Technologies
added 2026/03/20 12:00 a.m., 5 views

PT-2026-26658

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

CVSS 4.1, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 6
RedhatCVE
added 2025/02/05 6:35 a.m., 2 views

CVE-2024-5653

A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has...

CVSS 9.8, AI score 7.8, EPSS 0.00095
Exploits: 0, References: 1
Vulnrichment
added 2024/06/05 9:00 p.m., 15 views

CVE-2024-5653 Chanjet Smooth T+system keyEdit.aspx sql injection

A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has...

CVSS 7.5, AI score 7.5, EPSS 0.00095
Exploits: 0, References: 4
CVE
added 2024/06/05 9:00 p.m., 50 views

CVE-2024-5653

CVE-2024-5653 affects Chanjet Smooth T+system 3.5. The SQL injection vulnerability arises from insecure handling of the KeyID parameter in /tplus/UFAQD/keyEdit.aspx, enabling remote exploitation. Multiple sources corroborate the issue and indicate public exploitation may be possible. Remediation ...

CVSS 9.8, AI score 7.7, EPSS 0.00095
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2020/02/06 1:23 a.m., 19 views

Improper Verification Of Cryptographic Signatures

tuf improperly verifies cryptographic signatures. The vulnerability exists because it was possible to use 1 set of signatures with multiple keyids to bypass the intended signature threshold for the verification to succeed...

CVSS 9.8, AI score 2.2, EPSS 0.00195
Exploits: 0, References: 2, Affected Software: 1
0day.today
added 2019/01/17 12:00 a.m., 31 views

NTPsec 1.1.2 - ntp_control Authenticated NULL Pointer Dereference Exploit

!/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-authed-npe Vendor Homepage: https://ntpsec.org...

CVSS 6.5, AI score 0.1, EPSS 0.16559
Exploits: 5
exploitpack
added 2019/01/16 12:00 a.m., 26 views

NTPsec 1.1.2 - config (Authenticated) Out-of-Bounds Write Denial of Service (PoC)

NTPsec 1.1.2 - config Authenticated Out-of-Bounds Write Denial of Service PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Websit...

CVSS 4, AI score 0.1, EPSS 0.18025
Exploits: 5
OSV
added 2017/01/11 12:00 a.m., 0 views

UBUNTU-CVE-2017-5336

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate...

CVSS 9.8, AI score 7.5, EPSS 0.03948
Exploits: 0, References: 5
RedHat Linux
added 2011/12/27 4:07 p.m., 1 view

krb5: telnet client and server encrypt_keyid heap-based buffer overflow

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...

CVSS 10, AI score 6.6, EPSS 0.92585
Exploits: 19, References: 4
xssed
added 2007/04/22 12:00 a.m., 14 views

Unfixed XSS vulnerability at www.research.be

Security researcher By Encore, has submitted on 22/04/2007 a cross-site-scripting XSS vulnerability affecting www.research.be, which at the time of submission ranked 3450989 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/04/2007. It is...

Exploits: 0, References: 1