44 matches found
CVE-2026-51218
A heap buffer overflow in the TS7Worker::PerformFunctionWrite function /core/s7server.cpp of snap7 v1.4.3 allows attackers to cause a Denial of Service DoS via a crafted packet...
CVE-2026-51218
A heap buffer overflow in the TS7Worker::PerformFunctionWrite function /core/s7server.cpp of snap7 v1.4.3 allows attackers to cause a Denial of Service DoS via a crafted packet...
PT-2026-53751
Name of the Vulnerable Software and Affected Versions snap7 version 1.4.3 Description A heap buffer overflow occurs in the TS7Worker::PerformFunctionWrite function located in /core/s7 server.cpp. This issue allows an attacker to trigger a Denial of Service DoS by sending a specially crafted packe...
curl: heap-use-after-free in state.referer when CURLOPT_REFERER replaced or cleared after perform
Calling curleasysetoptcurl, CURLOPTREFERER, ... to replace or clear a previously-set referer after curleasyperform frees the old string via Curlsetstropt lib/setopt.c:87 but leaves data-state.referer.ptr pointing at the freed heap region. curleasygetinfoCURLINFOREFERER and curleasyduphandle then...
OSV-2026-759 UNKNOWN READ in bfd_getb32
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513690224 Crash type: UNKNOWN READ Crash state: bfdgetb32 nds32elflo12reloc bfdperformrelocation...
PT-2026-23493
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the IdentityBrokerService.performLogin endpoint of Keycloak that allows authentication to continue using an Identity Provider IdP even after it has been administratively...
PT-2026-21959
Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.7 Description OneUptime, a service monitoring solution, contains an OS command injection flaw in the NetworkPathMonitor.performTraceroute function. Any authenticated project user can execute arbitrary operating...
Palantir Aries security vulnerabilities
Palantir Aries is a software distribution and management system developed by the American company Palantir. There is a security vulnerability in Palantir Aries, which stems from bypassing authentication and authorization checks. This vulnerability may allow unauthenticated clients to view system...
Instantel Micromate (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
IBM TXSeries for Multiplatforms 跨站请求伪造漏洞
IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines IBM designed to support distributed transaction processing on multiple platforms. A cross-site request forgery vulnerability exists in IBM TXSeries for Multiplatforms,...
CVE-2023-39298
CVE-2023-39298 affects QNAP QTS and QuTS hero where a missing authorization vulnerability could allow local authenticated users to access data or perform actions beyond their permissions via unspecified vectors. The issue is documented to impact several QNAP operating system versions, with QuTScl...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2023-38579
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...
formation-perform-coach.fr Improper Access Control vulnerability OBB-3824515
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CE Phoenix 1.0.8.20 Remote Code Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
Anyone can call the perform function because there is no access control
Lines of code L31-L75 Vulnerability details Impact Anyone can call the perform function. It can lead to unauthorized changes in the security council. Proof of Concept There is no access control in the perform function and it is marked "external". function performaddress securityCouncil, address...
Anyone can change the members of Security Council
Lines of code Vulnerability details Impact Anyone can change the members of security council by calling the function perform in the contract SecurityCouncilMemberSyncAction.sol as the function is open to all. Proof of Concept uint256 updateNonce = getUpdateNoncesecurityCouncil; if nonce =...
The upgrade executor is granted the canceller role instead of the new emergency security council.
Lines of code Vulnerability details Impact In L1SCMgmtActivationAction.sol, the perform function is not granting role to the new emergency security council. It instead grants it to the upgrade executor. This logic doesn't align with the function inline comment and can prevent the perform function...
FANUC ROBOGUIDE-HandlingPRO
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: ROBOGUIDE-HandlingPRO Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and/or overwrite files on the system running the affected...
FreeBSD : chromium -- multiple vulnerabilities (8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec advisory. - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who ha...