175 matches found
RARLAB WinRAR < 7.23 Heap-Based Buffer Overflow (CVE-2026-14191)
The version of RARLAB WinRAR installed on the remote Windows host is prior to 7.23. It is, therefore, affected by a heap-based buffer overflow vulnerability: - An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser. The RecItems vector is sized only when the first .rev file in...
UBUNTU-CVE-2026-58033
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
CVE-2026-14191
An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...
UBUNTU-CVE-2026-14191
An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...
PT-2026-54451
Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.23 UnRAR versions prior to 7.23 Description An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser within the RecVolumes5::ReadHeader function in recvol5.cpp. The issue occurs because the RecItems...
Malicious code in ipy-rev-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...
MAL-2026-5475 Malicious code in ipy-rev-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...
Clash Verge Rev 安全漏洞
Clash Verge Rev is an open-source proxy tool developed by Clash Verge Rev. Versions prior to Clash Verge Rev 2.3.0 contained security vulnerabilities; these vulnerabilities stemmed from the existence of globally accessible IPC endpoints, which could lead to local privilege escalation...
subversion: Fix of CVE-2018-11782
CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...
EUVD-2025-208635
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...
CVE-2025-13779
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...
CVE-2025-13779 Configuration Data Spill
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...
PT-2026-25311
🟠 CVE-2025-13777 - High Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. https://t.co/k9L0CuzZX4 https://t.co/FbKYQV3svl...
CVE-2026-25763
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
CVE-2026-25763
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
EUVD-2026-5556
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
CVE-2026-25763
OpenProject suffers a command-injection like arbitrary file write in the repository changes endpoint (/projects/:project_id/repository/changes) when rendering the latest changes via git log. A crafted rev parameter (for example rev=--output=/tmp/poc.txt) is interpreted by Git as an option, causin...
PT-2026-6805
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the repository changes endpoint '/projects/:project id/repository/changes' when...
CVE-2026-24685
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...
CVE-2026-24685 OpenProject has Argument Injection on Repository module that allows Arbitrary File Write
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...