OpenSTAManager SQL注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to v2.9.8 contained a SQL injection vulnerability. This vulnerability stemmed from improper cleaning of the idarticolo parameter in the article pricing...

OpenSTAManager SQL注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to v2.9.8 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient validation of the idrecords array in the batch operation...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Python vulnerabilities (USN-8018-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8018-1 advisory. Denis Ledoux discovered that Python incorrectly parsed email message headers. An...

@adonisjs/lucid 安全漏洞

@adonisjs/lucid is a database object-relational mapping library open-sourced by the AdonisJS Framework. Versions of @adonisjs/lucid before 10.1.3 and versions before 11.0.0-next.9 have security vulnerabilities. These vulnerabilities stem from processing logic for multiple parts of the file, which...

CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

CVE-2020-37128

ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of...

CVE-2020-37128 ZOC Terminal 7.25.5 - 'Script' Denial of Service

ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of...

CVE-2020-37128

CVE-2020-37128 affects ZOC Terminal 7.25.5. A script processing issue allows local attackers to crash the application by loading a maliciously crafted REXX script file; generating an oversized script (~20,000 repeated characters) can trigger a denial of service. Evidence across multiple sources c...

EUVD-2020-31024

ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of...

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

📄 NPU Driver Use-After-Free Detector

This Metasploit module detects vulnerable NPU drivers susceptible to CVE-2025-21424, a use-after-free vulnerability in the MSM NPU kernel driver. Additional details are included that identify shortcomings in the original proof of concept...

Semi-Device-Independent Quantum Random Number Generator Resistant to General Attacks

Quantum random number generators QRNGs produce true random numbers based on the inherent randomness of quantum theory, rendering them a foundational segment of quantum cryptography. Distinguished from trusted-device QRNGs whose security depends on characterized devices, semi-device-independent...

PT-2026-6575

Name of the Vulnerable Software and Affected Versions Nsauditor Product Key Explorer version 4.2.2.0 Description The application can be crashed by a local attacker inputting a specially crafted registration key. A payload of 1000 bytes of repeated characters, when pasted into the 'Key' input fiel...

Amazon Linux 2 : golang-github-cpuguy83-go-md2man, --advisory ALAS2-2026-3137 (ALAS-2026-3137)

The version of golang-github-cpuguy83-go-md2man installed on the remote host is prior to 1.0.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3137 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service wh...

Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1399)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1399 advisory. The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when...

CVE-2026-25585

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile...

EUVD-2026-5317

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile...

CVE-2026-25585 iccDEV vulnerable to OOB in CIccXform3DLut::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile...

CVE-2026-25585 iccDEV vulnerable to OOB in CIccXform3DLut::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile...

CVE-2026-25139

RIOT OS vulnerable to multiple out-of-bounds reads in 6LoWPAN processing for version 2025.10 and prior. An unauthenticated attacker who can send/manipulate input packets can read adjacent memory or crash the device because the received packet is cast into a sixlowpan_sfr_rfrag_t struct and derefe...