DEBIAN-CVE-2026-48733

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

CVE-2026-8113 8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to laun...

CVE-2026-4115

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

CVE-2026-1145 quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function jstypedarrayconstructorta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may ...

CVE-2025-34500

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

EUVD-2025-13413

Malicious code in bioql PyPI...

CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation NAT DNS inspection for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device t...

Linux Distros Unpatched Vulnerability : CVE-2024-40960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: prevent possible NULL dereference in rt6probe syzbot caught a NULL dereference in rt6probe 1 Bail out if in6devget returns NULL. 1 Oops: general protectio...

PT-2023-10327 · Unknown · Coebot-Www

Name of the Vulnerable Software and Affected Versions: coebot-www affected versions not specified Description: A problematic issue was found, affecting the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.j...

Follina: A zero-day vulnerability in Microsoft Office

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Microsoft has issued a patch after almost 15 days for a zero-day vulnerability identified as CVE-2022-30190 after various proof-of-concept POCs indicating that it is actively exploited became public. Security...

FireEye Exploitation: Project Zero’s Vulnerability of the Beast

Posted by Tavis Ormandy, Chief Silver Bullet Skeptic. FireEye sell security appliances to enterprise and government customers. FireEye’s flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet...

Winn Guestbook 2.4.8c - Stored XSS Vulnerability

No description provided by source. Exploit Title: Winn Guestbook v2.4.8c Stored XSS Date: 12/29/11 Author: G13 Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws Version: 2.4.8c Category: webapps php CVE: 2011-5026 Vulnerability There is no sanitation on the input of the...

RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/9751/info Serv-U FTP Server has been reported prone to a remote stack based buffer overflow vulnerability when handling time zone arguments passed to the MDTM FTP command. The problem exists due to insufficient bounds...

ViArt Shop Enterprise 4.1 - Arbitrary Command Execution

ViArt Shop Enterprise 4.1 - Arbitrary Command Execution ?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provi...

Winn Guestbook v2.4.8c Stored XSS

Exploit Title: Winn Guestbook v2.4.8c Stored XSS Date: 12/29/11 Author: G13 Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws Version: 2.4.8c Category: webapps php CVE: 2011-5026 Vulnerability There is no sanitation on the input of the name variable. This allows maliciou...

Winn Guestbook v2.4.8c Stored XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Winn Guestbook v2.4.8c Stored XSS Date: 12/29/11 Author: G13 Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws Version: 2.4.8c Category: webapps php CVE: 2011-5026 Vulnerability There is no sanitation o...

BlackBerry Enterprise Server vulnerable to malicious image file

BlackBerry Enterprise Server vulnerable to malicious image file There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The...

Novell Netware eDirectory DoS Vulnerability

Exploit for windows platform in category dos / poc nSense Vulnerability Research Security Advisory NSENSE-2011-002 --------------------------------------------------------------- Affected Vendor: Novell Affected Product: Netware, eDirectory Platform: Netware / Linux Impact: Remote Denial of Servi...

[NT] Zaep AntiSpam Cross Site Scripting

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...