DEBIAN-CVE-2026-6042

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...

UBUNTU-CVE-2026-6042

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...

CVE-2026-6042

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

PT-2026-30900

Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description A flaw exists in libssh that allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information. This poses a risk to the...

CVE-2026-5621

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...

CVE-2026-5621

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...

@nor2/heim-mcp vulnerable to command injection

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...

PT-2026-30564

Name of the Vulnerable Software and Affected Versions ChrisChinchilla Vale-MCP versions up to 0.1.0 Description A vulnerability exists in ChrisChinchilla Vale-MCP up to version 0.1.0, specifically within the file src/index.ts of the HTTP Interface component. The manipulation of the config path...

PT-2026-30633

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

CVE-2026-5603

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...

CVE-2026-5603 elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...

EUVD-2018-21766

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start...

CVE-2019-25681

Xlight FTP Server 3.9.1 contains a structured exception handler SEH overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual...

CVE-2019-25677 WinRAR 5.61 Denial of Service via Malformed Language File

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

CVE-2019-25658

The CVE-2019-25658 entry concerns the a-Mac Address Change 5.4 application. The vulnerability is a local buffer overflow in the registration form handling code. Specifically, sending oversized input (212 bytes) into any of the fields—'Your Name', 'Your Company', or 'Register Code'—and clicking Re...

CVE-2026-5473

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

CVE-2018-25243

FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation ...