
12 matches found

ATTACKERKB
added 2026/05/30 3:15 p.m. | 7 views

CVE-2026-10122

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocolname leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has...

CVSS 9 | AI score 7.6 | EPSS 0.00046
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2026/05/30 3:15 p.m. | 3 views

CVE-2026-10122 TRENDnet TEW-432BRP formSetProtocolFilter stack-based overflow

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocolname leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has...

CVSS 9 | AI score 7.6 | EPSS 0.00046
Exploits 0 | References 4
Vulnrichment
added 2026/04/03 11:50 p.m. | 1 views

CVE-2026-34773 Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass...

CVSS 4.7 | AI score 5.9 | EPSS 0.00023
Exploits 0 | References 1
Github Security Blog
added 2026/04/03 2:41 a.m. | 1 views

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Impact: On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...

CVSS 7.5 | AI score 6 | EPSS 0.00023
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/04/03 2:41 a.m. | 1 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the...

CVSS 7.5 | AI score 6 | EPSS 0.00023
Exploits 0 | References 3
RedhatCVE
added 2024/06/28 5:8 a.m. | 46 views

CVE-2024-5642

A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...

CVSS 2.7 | AI score 6.5 | EPSS 0.00187
Exploits 1 | References 4
Debian CVE
added 2024/06/27 9:5 p.m. | 94 views

CVE-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...

CVSS 6.5 | AI score 6.3 | EPSS 0.00187
Exploits 1
Veracode
added 2022/03/04 4:13 a.m. | 25 views

Cross-site Scripting (XSS)

URI.js is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of whitespace characters from the protocol name...

CVSS 5.3 | AI score 2.6 | EPSS 0.00491
Exploits 1 | References 4 | Affected Software 2
Hacker One
added 2017/04/06 6:10 a.m. | 24 views

Dropbox: avrecode: global-buffer-overflow in get_neighbor()

Source: https://github.com/dropbox/avrecode Version: 2de743d Built using the Github instructions with afl-gcc and ASAN. Feeding this malformed .mp4 to recode triggers a global buffer overflow. ./recode roundtrip test003.mp4 mov,mp4,m4a,3gp,3g2,mj2 @ 0x61b00001f180 Protocol name not provided, cann...

AI score 0.2
Exploits 0
UbuntuCve
added 2012/10/01 3:26 a.m. | 22 views

CVE-2012-4415

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name...

CVSS 7.5 | AI score 6.4 | EPSS 0.3445
Exploits 5 | References 2
OSV
added 2012/10/01 3:26 a.m. | 1 views

UBUNTU-CVE-2012-4415

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name...

CVSS 7.5 | AI score 6.4 | EPSS 0.3445
Exploits 5 | References 3
Cvelist
added 2012/10/01 1:0 a.m. | 24 views

CVE-2012-4415

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name...

AI score 7.7 | EPSS 0.3445
Exploits 5 | References 9