1832 matches found
SPIP BigUp Plugin - Remote Code Execution
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...
GHSA-4XGF-CPJX-PC3J pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
Summary NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is followed, so files outside the configured directory are read into settings value...
EUVD-2026-38045
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-56208
CVE-2026-56208 affects libaom, the reference AV1 codec. A flaw in the encoder’s Look-Ahead Processing (LAP) mode bypasses the first-pass stats ring-buffer guard when g_lag_in_frames is 1 or more, causing a 232-byte out-of-bounds write on every frame after the second. This can corrupt heap objects...
CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-11596
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...
EUVD-2026-36079
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...
CVE-2026-11596
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...
CVE-2026-11596
Affected software: ScreenConnect™ (before version 26.2). The vulnerability concerns input validation in the Host Pass creation flow, where an authenticated user with Host Pass creation privileges could set a delegated access token expiration longer than the intended maximum. Impact, as described,...
CVE-2026-11596
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...
PT-2026-48490
Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 26.2 Description Insufficient input validation within the Host Pass creation functionality allows an authenticated user with Host Pass creation privileges to specify a token expiration duration that exceeds the...
ConnectWise ScreenConnect 安全漏洞
ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. Versions of ConnectWise ScreenConnect prior to version 26.2 contained a security vulnerability. This vulnerability stemmed from the lack of input validation for the token expiration duration...
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
Malicious code in magique-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6806267ad399a4b51411f5176e26470cccb7803dff5f0f6f1e3dca6e6c82170c Versions 0.4.4, 0.4.5 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in napari-ufish (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5103d2b75fe554764a66f5e03957c303d4085a7d5133463f58aa0c83a87f5d7d Versions 0.0.2, 0.0.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
MAL-2026-5296 Malicious code in magique (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d3bf9e3bbd5c258d251ade5a15f3383a47a53ddd399d7cd3db2aee5cec45c4 Versions 0.6.8, 0.6.9 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
MAL-2026-5313 Malicious code in dreamgen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d13836e2a6e18233bd22274b546345ad8ae8959fa00ad1c3d473568feed3f6d3 Versions 1.8.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
CVE-2025-10908
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...
Kali-setup
🛠️ kali-setup A single bash script that pulls in the 20 most-...