CVE-2026-37530

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3...

CVE-2026-37530

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3...

CVE-2023-4019

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases...

RHEL 9 : tomcat (RHSA-2025:23049)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23049 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...

CLSA-2025-1764580671 pki-servlet-engine: Fix of 2 CVEs

CVE-2024-50379: fix TOCTOU vulnerability in JSP compilation to prevent RCE on case insensitive file systems - CVE-2024-38286: fix issue of resource allocation without limits or throttling vulnerability in TLS handshake process - Apply skip-common-daemon patch to remove the commons-daemon.jar copy...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability ha...

CVE-2025-55164 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE

content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called proto, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves...

CVE-2025-53371 DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and filegetcontents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls...

CVE-2025-27818

A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...

PT-2025-24620

Name of the Vulnerable Software and Affected Versions Apache Kafka versions 2.0.0 through 3.9.0 Apache Kafka versions 3.0.0 through 3.9.0, where users are allowed to specify properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations Apache Kafka...

SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2025:1126-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1126-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update t...

Important: tomcat9

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation

[email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled readonly initialisation parameter set to the non-default value of false may...

Apache Tomcat 9.0.0.M1 < 9.0.98 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.98. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.98security-9 advisory. - Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat...

CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition

WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...

EUVD-2023-54518

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...

Pivotal Spring Framework contains unsafe Java deserialization methods

Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. Maintainers recommend...

CVE-2021-43837 Template injection in vault-cli

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...

Potential RCE if filename starts with phar://

More info at https://pear.php.net/bugs/bug.php?id=23782...