2147 matches found

Positive Technologies
added 2026/01/13 12:0 a.m., 5 views

PT-2026-2720

Name of the Vulnerable Software and Affected Versions: Windows Local Security Authority Subsystem Service (LSASS), affected versions not specified
Description: A flaw exists in the Windows Local Security Authority Subsystem Service (LSASS) that could allow an attacker to cause a denial of service over a...

CVSS 7.5, AI score 6.3, EPSS 0.00116
Exploits 0, References 5

RedhatCVE
added 2026/01/09 12:41 p.m., 5 views

CVE-2023-25341

A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests...

CVSS 6.5, AI score 6.8, EPSS 0.00156
Exploits 0, References 1

RedhatCVE
added 2026/01/09 10:51 a.m., 9 views

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 9.1, AI score 7.1, EPSS 0.06018
Exploits 2, References 1

RedhatCVE
added 2026/01/09 10:16 a.m., 5 views

CVE-2019-2582

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability ca...

CVSS 5.3, AI score 5.5, EPSS 0.00651
Exploits 0, References 1

RedhatCVE
added 2026/01/09 10:15 a.m., 5 views

CVE-2019-2847

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low...

CVSS 5.7, AI score 5.8, EPSS 0.00337
Exploits 0, References 1

RedhatCVE
added 2026/01/09 9:33 a.m., 2 views

CVE-2024-39091

An OS command injection vulnerability in the ccmdebug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request...

CVSS 8.8, AI score 8, EPSS 0.00542
Exploits 0, References 1

RedhatCVE
added 2026/01/09 8:53 a.m., 9 views

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise...

CVSS 9, AI score 6.5, EPSS 0.02079
Exploits 0, References 1

Tenable Nessus
added 2026/01/09 12:0 a.m., 4 views

Siemens Ruggedcom ROX Allocation of Resources Without Limits or Throttling (CVE-2021-35586)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3, AI score 6.9, EPSS 0.00167
Exploits 0, References 3

Tenable Nessus
added 2026/01/09 12:0 a.m., 3 views

Siemens Ruggedcom ROX Uncontrolled Resource Consumption (CVE-2021-35559)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3, AI score 6.9, EPSS 0.00117
Exploits 0, References 3

RedhatCVE
added 2026/01/07 9:55 a.m., 4 views

CVE-2025-1207

A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The complexity of an attack is rather...

CVSS 3.1, AI score 6.7, EPSS 0.00062
Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:10 a.m., 7 views

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...

CVSS 8.8, AI score 7, EPSS 0.00081
Exploits 0, References 1

Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1836

Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android, affected versions not specified
Description: The user interface in Microsoft Edge for Android exhibits a misrepresentation of critical information, potentially enabling an authorized attacker to conduct spoofing attac...

CVSS 5.5, AI score 6.1, EPSS 0.00048
Exploits 0, References 8

GithubExploit
added 2025/12/31 2:17 p.m., 147 views

Exploit for CVE-2025-14847

MongoBleed - CV...

CVSS 8.7, AI score 7.1, EPSS 0.56927
Exploits 38

Positive Technologies
added 2025/12/30 12:0 a.m., 4 views

PT-2025-53922

Name of the Vulnerable Software and Affected Versions: D-Link DCS-850L version 1.02.09
Description: A flaw exists within the Firmware Update Service component, specifically in the uploadfirmware function. The issue stems from manipulating the DownloadFile argument, leading to a path traversal...

CVSS 5.1, AI score 6.1, EPSS 0.00079
Exploits 1, References 9

Positive Technologies
added 2025/12/22 12:0 a.m., 2 views

PT-2025-52631

Name of the Vulnerable Software and Affected Versions: Sharp projectors, affected versions not specified
Description: A flaw exists in Sharp Display Solutions projectors that involves improper validation of the integrity check value. This could allow an attacker to create and execute unauthorized...

CVSS 9.5, AI score 6.5, EPSS 0.00071
Exploits 0, References 7

EUVD
added 2025/12/20 3:31 a.m., 4 views

EUVD-2025-204619

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS)...

CVSS 8.7, AI score 6.2, EPSS 0.0012
Exploits 0, References 3

Positive Technologies
added 2025/12/20 12:0 a.m., 3 views

PT-2025-52531

Name of the Vulnerable Software and Affected Versions: Tapo C200 V3, affected versions not specified
Description: The device’s HTTPS server does not correctly validate the Content-Length header, leading to an integer overflow. An attacker on the same local network can send specially crafted HTTPS...

CVSS 7.1, AI score 6.3, EPSS 0.00058
Exploits 0, References 10

NVD
added 2025/12/18 10:16 p.m., 3 views

CVE-2025-64677

Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network...

CVSS 8.2, EPSS 0.00039
Exploits 0, References 1

EUVD
added 2025/12/18 10:2 p.m., 3 views

EUVD-2025-204413

'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network...

CVSS 7.2, AI score 6.8, EPSS 0.00063
Exploits 0, References 2

ATTACKERKB
added 2025/12/18 10:2 p.m., 3 views

CVE-2025-65041

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network...

CVSS 10, AI score 5.5, EPSS 0.00078
Exploits 0, References 2