256843 matches found
PT-2026-50164
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The safe eval expression function in the computed fields feature uses an AST Abstract Syntax Tree validator that only blocks attributes starting with an underscore. Because Python generator and fram...
PT-2026-49806
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in multiple functions within VideoRtpPayloadDecoderNode.cpp can lead to an out-of-bounds write. This issue allows for remote code execution...
PT-2026-50086
Name of the Vulnerable Software and Affected Versions ACPT Pro - Custom Post Types Plugin for WordPress versions prior to 2.0.48 Description Improper Control of Generation of Code allows for Remote Code Inclusion and unauthenticated Remote Code Execution RCE. This issue enables an attacker to...
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary...
PT-2026-49794
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49809
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An integer overflow in the IntfGraphCreate function within intfgraph.c can lead to an out-of-bounds write. This condition allows for remote code execution witho...
PT-2026-49817
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49798
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49820
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49804
In mfc core get dec metadata sei nal of mfc core reg api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49812
Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A memory corruption issue in the Modem component can be triggered during a SIP REFER request. This flaw allows for remote code execution without requiring additional execution privileg...
PT-2026-49654
Name of the Vulnerable Software and Affected Versions NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1 Description A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...
PT-2026-49618
Name of the Vulnerable Software and Affected Versions Premmerce Dev Tools versions prior to 2.1 Description The Premmerce Dev Tools plugin for WordPress allows authenticated attackers with Subscriber-level access and above to achieve remote code execution. The issue occurs because the...
PT-2026-49785
Name of the Vulnerable Software and Affected Versions WC-Radio affected versions not specified Description A missing bounds check in WC-Radio allows for an out-of-bounds write, which is a memory corruption occurance where data is written outside the intended buffer. This can lead to remote code...
CVE-2026-48853
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
CVE-2026-48853
CVE-2026-48853 affects the elixir-grpc/grpc stack where the Erlpack codec decodes gRPC payloads with :erlang.binary_to_term/1 without safety bounds. This leads to untrusted data deserialization, atom creation risk (atom table exhaustion) and potential remote code execution if a malicious term rea...
CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
EUVD-2026-37015
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
EEF-CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
Summary Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote...