213 matches found

CVE
added 2026/05/27 3:43 p.m., 7 views

CVE-2026-44325

CVE-2026-44325 affects free5GC NRF (v4.2.1) where POST /oauth2/token parses form data with a reflective type-confusion in api_accesstoken.go. The handler reflects over NrfAccessTokenAccessTokenReq, incorrectly treats most fields as a *models.PlmnId, and assigns it to various destination fields, ...

CVSS 7.5, AI score 5.8, EPSS 0.00124
Exploits 1, References 4, Affected Software 1
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ip: Fixed a data race related to sysctl_fwmark_reflect. When reading sysctl_fwmark_reflect, it can be changed concurrently. Therefore, we need to add READ_ONCE to its reader function...

CVSS 4.7, AI score 6.1, EPSS 0.00032
Exploits 0, References 1
CNNVD
added 2026/05/13 12:00 a.m., 4 views

vm2 code injection vulnerability

vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It runs untrusted code using built-in Node modules listed in the allowlist. In versions 3.9.6 to 3.10.5 of vm2, there was a code injection vulnerability. This vulnerability stemmed from a bridgi...

CVSS 10, AI score 6.1, EPSS 0.00108
Exploits 1, References 1
OSV
added 2026/05/08 10:56 p.m., 3 views

GHSA-F8QV-7X5W-QR48 free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary: free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

CVSS 7.5, AI score 5.8, EPSS 0.00124
Exploits 1, References 5
Github Security Blog
added 2026/05/08 10:56 p.m., 5 views

free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary: free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

CVSS 7.5, AI score 5.8, EPSS 0.00124
Exploits 1, References 5, Affected Software 1
Github Security Blog
added 2026/03/16 4:32 p.m., 4 views

Glances's Default CORS Configuration Allows Cross-Origin Credential Theft

Summary: The Glances REST API web server ships with a default CORS configuration that sets allow_origins="" combined with allow_credentials=True. When both of these options are enabled together, Starlette's CORSMiddleware reflects the requesting Origin header value in the Access-Control-Allow-Origin...

CVSS 8.1, AI score 5.8, EPSS 0.00055
Exploits 1, References 5, Affected Software 1
RedhatCVE
added 2026/01/14 11:19 p.m., 1 views

CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVSS 9.8, AI score 7.5, EPSS 0.00039
Exploits 1, References 1
NVD
added 2026/01/13 11:15 p.m., 1 views

CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVSS 9.8, EPSS 0.00039
Exploits 1, References 3
CVE
added 2026/01/13 10:51 p.m., 5 views

CVE-2022-50925

CVE-2022-50925 concerns Prowise Reflect 1.0.9 with a remote keystroke injection via an exposed WebSocket on port 8082. The root cause is a malfunctioning WebSocket interface that allows crafted pages to send keyboard events, potentially opening applications and typing arbitrary text. Documented i...

CVSS 9.8, AI score 7, EPSS 0.00039
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/01/13 10:51 p.m., 20 views

CVE-2022-50925 Prowise Reflect v1.0.9 - Remote Keystroke Injection

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVSS 9.8, EPSS 0.00039
Exploits 1, References 3
Vulnrichment
added 2026/01/13 10:51 p.m., 2 views

CVE-2022-50925 Prowise Reflect v1.0.9 - Remote Keystroke Injection

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVSS 9.8, AI score 7, EPSS 0.00039
Exploits 1, References 3
CNNVD
added 2026/01/13 12:00 a.m., 2 views

Prowise Reflect access control error vulnerability

Prowise Reflect is a screen sharing software from Prowise Netherlands. An access control error vulnerability exists in Prowise Reflect version 1.0.9 that stems from the presence of remote keystroke injection, which could lead to an attacker sending keyboard events via WebSocket...

CVSS 9.8, AI score 5.8, EPSS 0.00039
Exploits 1, References 4
Positive Technologies
added 2026/01/13 12:00 a.m., 2 views

PT-2026-2401

Name of the Vulnerable Software and Affected Versions: Prowise Reflect version 1.0.9. Description: Prowise Reflect version 1.0.9 has a remote keystroke injection issue. An exposed WebSocket on port 8082 allows attackers to send keyboard events. Malicious web pages can be created to inject keystrokes...

CVSS 9.8, AI score 7, EPSS 0.00039
Exploits 1, References 6
RedhatCVE
added 2026/01/09 12:40 p.m., 7 views

CVE-2023-43896

A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code...

CVSS 7.8, AI score 8.2, EPSS 0.00091
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:15 a.m., 4 views

CVE-2022-38179

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack...

CVSS 6.1, AI score 6.8, EPSS 0.00004
Exploits 0, References 1
RedhatCVE
added 2026/01/09 8:49 a.m., 3 views

CVE-2025-23984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Reflected XSS. This issue affects Dynamic URL SEO: from n/a through = 1.0...

CVSS 7.1, AI score 7.2, EPSS 0.00041
Exploits 0, References 1
RedhatCVE
added 2026/01/09 8:35 a.m., 7 views

CVE-2020-10143

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriat...

CVSS 7.8, AI score 7.5, EPSS 0.0008
Exploits 0, References 1
Cvelist
added 2025/12/18 12:00 a.m., 19 views

CVE-2025-63388

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

EPSS 0.00007
Exploits 0, References 3
Tenable Nessus
added 2025/11/05 12:00 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989882)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989882 advisory. In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be...

CVSS 4.7, AI score 5.9, EPSS 0.00032
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0328

Malware in sbrugna...

CVSS 9.8, AI score 8.6, EPSS 0.08109
Exploits 5, References 110