CVE-2019-25735

AllPlayer 7.4 has a local buffer overflow in URL handling that allows an attacker to overwrite SEH pointers with a crafted long URL via the Open URL dialog, enabling SEH-based code execution with user privileges. The vulnerability is local, requires no user interaction beyond URL input, and the i...

CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

EUVD-2025-210044

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

EUVD-2026-33773

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-10295 SourceCodester Customer Review App review_app.py get_all_reviews denial of service

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

CVE-2026-0069

In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45638

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add review/save review/get all reviews of the file review app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local...

Exploit for CVE-2026-9789

CVE ID: CVE-2026-9789 Researcher: Vo Duc Thang ugvxb...

PT-2026-44861

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

CVE-2024-11399

CVE-2024-11399 affects Synology BeeDrive for Desktop (redis-server component) prior to version 1.3.2-13814. Local users can trigger a denial-of-service via unspecified vectors, with impact on availability (CVSSv3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). Root cause details are not specified in the...

CVE-2024-11399

Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors...

PT-2026-43187

A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read 2004 compressed section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been ma...

AgataSoft Auto PingMaster 安全漏洞

AgataSoft Auto PingMaster is a network monitoring tool from AgataSoft, Inc. that supports host connectivity detection, latency monitoring and fault alerting. A security vulnerability exists in AgataSoft Auto PingMaster version 1.5, which stems from a stack-based buffer overflow in the Trace Route...

CVE-2018-25356

The CVE applies to SIPp 3.6 and earlier, where a local buffer overflow exists in command-line argument handling. The underlying issue is a strcpy overflow in sipp.cpp caused by oversized input to -3pcc, -i, or -log_file parameters. This can allow a local attacker to crash SIPp or potentially exec...

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

Motorola Factory Test 安全漏洞

Motorola Factory Test is a mobile device hardware testing and production testing tool developed by the American company Motorola. Motorola Factory Test contains a security vulnerability. This vulnerability stems from the use of references to writable file descriptors in applications, which may...

CVE-2026-8784

Technical details are not publicly available in the provided documents. Monitor for updates.

PT-2026-41632

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change file status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named...

CVE-2018-25328

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute...