CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the parameter sysCmd in the formSysCmd function within the goform/formSysCmd file, which allows for...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the function UERadioCapabilityCheckResponse in the file ngap/dispatcher.go, which leads to...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NGAP Message Handler component, specifically in the file ngap/handler.go, which...

ROS-20260515-73-0002

Vulnerability in firebird due to lack of service data protection. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

Code Review Server 注入漏洞

Code Review Server is a code review tool based on large models, developed by Dennison Bertram. Versions of Code Review Server 0.1.0 and earlier had an injection vulnerability. This vulnerability stems from the executeRepomix function in the src/repomix.ts file, which allows for command injection,...

XXL-JOB 安全漏洞

XXL-JOB is a distributed task scheduling platform developed by xuxueli. Versions of XXL-JOB 3.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from improper control of resource identifiers due to the parameter logId in the function logDetailCat of the Execution Log...

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

fast-filesystem-mcp 命令注入漏洞

fast-filesystem-mcp is a model context protocol server developed by Efforthye. Versions of fast-filesystem-mcp 3.5.1 and earlier contained a command injection vulnerability. This vulnerability originated from the handleGetDiskUsage function in the file src/index.ts, which allowed command injectio...

stb 安全漏洞

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.22 contained security vulnerabilities, which stemmed from resource allocation issues in the setupfree function within the file stbvorbis.c. These vulnerabilities could lead to remote attacks...

HPE Aruba Networking Private 5G Core 安全漏洞

HPE Aruba Networking Private 5G Core is a 5G core component developed by the American company HPE. There is a security vulnerability present in HPE Aruba Networking Private 5G Core, which stems from a flaw in the management API. This vulnerability could allow unverified remote attackers to trigge...

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

MiracleLinux 3 : gnutls-1.4.1-14.0.1.AXS3 (AXSA:2014-243:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-243:01 advisory. GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002029)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002029 advisory. The ieee80211fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attacker...

MiracleLinux 4 : libtasn1-2.3-3.AXS4.1 (AXSA:2012-480:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-480:01 advisory. This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org Security...

CVE-2005-1898

The passthrough functionality in phpThumb.php in phpThumb before 1.5.4 allows remote attackers to read files that are not images...

CVE-2025-14954

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogspfcppdrfindoradd/ogspfcpfarfindoradd/ogspfcpurrfindoradd/ogspfcpqerfindoradd in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

EUVD-2019-13584

Malware in sbrugna...

EUVD-2011-3154

Malware in sbrugna...