41181 matches found
CVE-2026-9294
Summary: CVE-2026-9294 affects Edimax BR-6428NS (firmware 1.10). The vulnerability is in the POST Request Handler, inside the function formWanTcpipSetup, where manipulation of the argument pppUserName leads to a buffer overflow. This could be triggered remotely, and an exploit is publicly availab...
PT-2026-42880
Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.1.2 Description A memory corruption issue exists in the NGReset Message Handler component. A remote attacker can trigger this condition through specific manipulation of the system. Recommendations Apply the...
PT-2026-42876
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is...
PT-2026-42892
Name of the Vulnerable Software and Affected Versions SourceCodester Hospitals Patient Records Management System version 1.0 Description A security flaw allows for remote SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. The issue...
PT-2026-42870
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The...
PT-2026-42885
A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-46727
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...
Linux Distros Unpatched Vulnerability : CVE-2026-8695
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 6.1.5 contains a use-after-free vulnerability in the gdbrthreadslist function that allows remote attackers to trigger memory corruption by sending a val...
Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-6474
A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the timeofday function, allows a remote attacker to craft specific timezone zones. Successful exploitation can lead to the retrieval of sensitive portions of server memory, potentially disclosing...
EUVD-2026-31245
A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...
Netatalk SQL注入漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a SQL injection vulnerability. This vulnerability stems from the MySQL CNID backend’s SQL...
Astra Linux - уязвимость в chromium
Using use after free in V8 in Google Chrome before version 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 94.0.4606.54, using the "after free" mechanism in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
The use of the “after free in storage foundation” feature in Google Chrome before version 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в binutils
A vulnerability was discovered in cp-demangle.c within GNU libiberty, as part of the GNU Binutils 2.31 package. This vulnerability stems from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could exploit this vulnerability to cause a...
Astra Linux - уязвимость в chromium
A heap buffer overflow in Bookmarks in Google Chrome prior to version 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In V8 in Google Chrome, prior to version 95.0.4638.54, it was possible for a remote attacker to exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в ghostscript
A divide-by-zero issue was discovered in epsprintpage within gdevepsn.c in Artifex Software GhostScript 9.50. This issue allows remote attackers to cause a denial of service by opening crafted PDF files...
Astra Linux - уязвимость в chromium
Using “after free” in Aura in Google Chrome before version 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...