ELECOM WAB 代码问题漏洞

ELECOM WAB is a series of wireless access points produced by the ELECOM company in Japan. ELECOM WAB has a code vulnerability that stems from the lack of checking whether the language parameter has an appropriate value. This vulnerability may cause administrator pages to be displayed incorrectly ...

GHSA-CJ8J-37RH-8475 Bouncy Castle Uncontrolled Resource Consumption vulnerability

Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This issue affects BC-JAVA before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java from 1.49 to 1.84 contained security vulnerabilities. These vulnerabilities were due to the use of defective encryption algorithms, which could allow empty...

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

CVE-2019-25477 RAR Password Recovery 1.80 Denial of Service Buffer Overflow

RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration...

EUVD-2026-11115

Update to verison IFTOPP4181 or later...

CVE-2025-27769

CVE-2025-27769 affects Heliox Flex 180 kW EV Charging Station (all versions before F4.11.1) and Heliox Mobile DC 40 kW EV Charging Station (all versions before L4.10.1). The issue is improper access control that could allow an attacker to reach unauthorized services via the charging cable. CVSS m...

CVE-2026-0782

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

PT-2026-3897

AP180 series with firmware versions prior to AP RGOS 11.94B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices...

CVE-2025-68463

Bio.Entrez in Biopython through 186 allows doctype XXE...

TencentOS Server 3: pcs (TSSA-2025:0818)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0818 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

WordPress - WP Social Ninja exposed API Key

WordPress - WP Social Ninja exposed API Key Joshua Martinelle Thu, 09/04/2025 - 08:43 WP Social Media is a WordPress plugin that allows to integrate social media feeds such as Instagram Feed, Facebook Feed, social reviews such as Google Reviews, WooCommerce Reviews Pro, and chat widgets such as...

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

CVE-2025-5072

Resource leak vulnerability in ASR180x、ASR190x in conmgr allows Resource Leak Exposure.This issue affects FalconLinux、Kestrel、LapwingLinux: before v1536...

Asrmicro ASR Series 安全漏洞

The Asrmicro ASR Series is a series of chips from Avantage Technology Asrmicro, a Chinese company. A security vulnerability exists in the Asrmicro ASR Series that stems from incorrect output and possible memory access overruns. The following products are affected: ASR360x Series chips, ASR160x...

Asrmicro ASR Series 安全漏洞

The Asrmicro ASR Series is a series of chips from Avantage Technology Asrmicro, a Chinese company. A security vulnerability exists in the Asrmicro ASR Series, which stems from an out-of-bounds read that will result in a computational error. The following products are affected: ASR360x Series chip...

Telit Cinterion BGS5 Security Vulnerability

Telit Cinterion BGS5 is a mobile communication module from Telit Communications Telit. A security vulnerability exists in Telit Cinterion that originates from allowing an attacker with physical access privileges to gain read and write access to any file and directory on the target system. Affecte...

CVE-2023-22807

LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol...