CVE-2026-32743

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

PT-2024-20903 · Unknown · Libiec61850

Name of the Vulnerable Software and Affected Versions: libiec61850 versions 1.4.0 Description: The issue allows a remote attacker to cause a denial of service via the mmsServer handleGetNameListRequest function to the mms getnamelist service component. Recommendations: For version 1.4.0, consider...

VulnCheck KEV: CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL...

CVE-2021-21951

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...

CVE-2021-21950

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function recvserverdeviceresponsemsgprocess. A specially-crafted network packet can lead to code execution...

PT-2021-5412 · Anker · Anker Eufy Homebase 2

Name of the Vulnerable Software and Affected Versions: Anker Eufy Homebase 2 version 2.1.6.9h Description: An out-of-bounds write issue exists in the CMD DEVICE GET SERVER LIST REQUEST functionality of the home security binary, specifically in the recv server device response msg process function...

CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...

CVE-2018-16804

An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request...

CVE-2018-16804

An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request...

Gekko Manager FTP Client Stack Buffer Overflow

This module exploits a buffer overflow in Gekko Manager ftp client, triggered when processing the response received after sending a LIST request. If this response contains a long filename, a buffer overflow occurs, overwriting a structured exception handler. This module requires Metasploit:...

Conti FTP Server DoS

LIST //A: request causes server to hang...