68 matches found

Nuclei
added 17 hours ago, 6 views

Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

8.8 CVSS, 7.4 AI score, 0.06089 EPSS
Exploits 3, References 2

EUVD
added 2026/04/24 7:40 p.m., 3 views

EUVD-2026-25624

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attackers to read one byte past an allocated buffer boundary by...

8.7 CVSS, 5.7 AI score, 0.0027 EPSS
Exploits 1, References 1

CVE
added 2026/04/24 7:40 p.m., 8 views

CVE-2026-41502

CVE-2026-41502 affects the BACnet Stack C library. The issue is an off-by-one out-of-bounds read in the rpm_decode_object_id() routine used by the ReadPropertyMultiple service decoder. It checks apdu_len

8.7 CVSS, 5.7 AI score, 0.0027 EPSS
Exploits 1, References 1, Affected Software 1

Tenable Nessus
added 2026/04/10 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-5187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot befor...

9.8 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 0, References 3

NVD
added 2026/04/09 8:16 p.m., 2 views

CVE-2026-5187

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out[0] and out[1], enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

9.8 CVSS, 0.00055 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/04/09 7:45 p.m., 1 views

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out[0] and out[1], enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

2.3 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 0, References 1

Cvelist
added 2026/04/09 7:45 p.m., 19 views

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out[0] and out[1], enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

2.3 CVSS, 0.00055 EPSS
Exploits 0, References 1

CVE
added 2026/04/09 7:45 p.m., 3 views

CVE-2026-5187

CVE-2026-5187 affects wolfSSL’s wolfcrypt DecodeObjectId() in asn.c, with two potential heap out-of-bounds writes. First, a bounds check validates only one slot before writing two OID arcs (out[0], out[1]), allowing a 2-byte OOB write when outSz == 1. Second, callers pass sizeof(decOid) (64 bytes...

9.8 CVSS, 5.9 AI score, 0.00055 EPSS
Exploits 0, References 1, Affected Software 1

SUSE CVE
added 2026/04/06 11:25 p.m., 3 views

SUSE CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION. Use sb->s_uuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.f_fsid obtained from vfs_statfs...

5.5 CVSS, 5.7 AI score, 0.00008 EPSS
Exploits 0, References 3

EUVD
added 2026/04/06 9:31 a.m., 2 views

EUVD-2026-19194

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION. Use sb->s_uuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.f_fsid obtained from vfs_statfs...

5.7 AI score, 0.00008 EPSS
Exploits 0, References 5

Debian CVE
added 2026/04/06 7:38 a.m., 4 views

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION. Use sb->s_uuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.f_fsid obtained from vfs_statfs...

5.5 CVSS, 5.2 AI score, 0.00008 EPSS
Exploits 0

CNNVD
added 2026/04/04 12:0 a.m., 3 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 3

RedhatCVE
added 2026/03/07 1:44 a.m., 2 views

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

7.5 CVSS, 5.8 AI score, 0.00079 EPSS
Exploits 0, References 1

EUVD
added 2026/03/06 6:31 p.m., 2 views

EUVD-2025-208341

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

5.8 AI score, 0.00079 EPSS
Exploits 0, References 4

Cvelist
added 2026/03/06 12:0 a.m., 27 views

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

0.00079 EPSS
Exploits 0, References 3

Snyk
added 2026/02/18 10:8 p.m., 1 views

Improper Encoding or Escaping of Output

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the unit parameter in the Custom OID process. An attacker can execute...

5.4 CVSS, 6.1 AI score, 0.00004 EPSS
Exploits 0, References 3

Snyk
added 2026/02/05 9:46 p.m., 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when certain Check calls are executed. An attacker can gain unauthorized access to resources by exploiting improper policy enforcement when specific conditions involving type bound public and non-public access...

8.8 CVSS, 5.5 AI score, 0.00022 EPSS
Exploits 0, References 2

OSV
added 2026/01/31 12:16 p.m., 0 views

UBUNTU-CVE-2025-71184

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction. When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root might be NULL, as...

5.5 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits 0, References 12

ATTACKERKB
added 2026/01/31 11:38 a.m., 3 views

CVE-2025-71184

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction. When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root might be NULL, as...

5.8 AI score, 0.00022 EPSS
Exploits 0, References 4, Affected Software 1

CVE
added 2026/01/31 11:38 a.m., 5 views

CVE-2025-71184

CVE-2025-71184 affects the Linux kernel’s btrfs subsystem. The issue is a NULL dereference in btrfs_evict_inode() when tracing inode eviction because the root may be NULL. The fix ensures root is treated as 0 or delays tracing until the root is non-NULL, preventing a NULL dereference during evict...

5.5 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits 0, References 4, Affected Software 1