CVE-2025-15608
The CVE-2025-15608 issue affects TP-Link Archer AX53 (v1). It arises from insufficient input sanitization in the device’s probe handling logic, allowing unvalidated parameters to trigger a stack-based buffer overflow in a central service. The vulnerability may, under specific conditions, enable r...
CVE-2025-15608
This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...
CVE-2025-15608 Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53
This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...
PT-2026-26631
This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...
CVE-2025-71270
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode. This patch allows the LoongArch BPF JIT to handle recoverable memory access errors generated by BPF_PROBE_MEM instructions. When a BPF program performs memory access...
CVE-2026-22174
OpenClaw: Affected software is OpenClaw versions prior to 2026.2.22. The root cause is that the x-OpenClaw-relay-token header is injected into Chrome CDP probe traffic on loopback interfaces, enabling local processes to capture the Gateway authentication token. An attacker controlling a loopback ...
CVE-2026-32705
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task or...
PX4-Autopilot Security Vulnerability
PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from the BST telemetry probe’s use of a length-based string terminator without proper boundary checks, which cou...
Oracle Linux 8 : dtrace (ELSA-2026-50151)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50151 advisory. 2.0.6-1 - Fix dtprobed unsafe probe description handling CVE-2026-21991. Orabug: 39054018 Credit Statement: The following people or organizations reported...
CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task or...
EUVD-2026-12148
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task or...
dtrace security update
2.0.6-1 - Fix dtprobed unsafe probe description handling CVE-2026-21991. Orabug: 39054018 Credit Statement: The following people or organizations reported security vulnerabilities addressed by this ELSA to Oracle: Dhiraj Mishra: CVE-2026-21991...
Oracle Linux 10 / 9 : dtrace (ELSA-2026-50153)
The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50153 advisory. 2.0.6-1 - Fix dtprobed unsafe probe description handling CVE-2026-21991. Orabug: 39054018 Credit Statement: The following people or organizations reported...
Oracle Linux 8 / 9 : dtrace (ELSA-2026-50152)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50152 advisory. 2.0.6-1 - Fix dtprobed unsafe probe description handling CVE-2026-21991. Orabug: 39054018 Credit Statement: The following people or organizations reported...
CVE-2026-30921
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...
CVE-2026-30957
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...
CVE-2026-30887
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...