6 matches found
CVE-2026-0839
A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Manipulating the argument wepkey1 can lead to a buffer overflow. The attack may be performed remotely. The exploit has been made available to the public and...
CVE-2025-65105
CVE-2025-65105 affects Apptainer prior to 1.4.5, where two forms of the --security option (--security=apparmor: and --security=selinux:) can be disabled, weakening confinement on containers. The issue is described as affecting how --security is applied, including environments where the feature is...
Prevent RCE when deserializing untrusted user input
Impact: Affected versions of yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls unserialize on arbitrary user input. Patches: Upgrade yiisoft/yii to version 1.1.27 or higher. For more information: See the following links for more details: - Git commit -...
Example finding from form
Email address [email protected] Handle adamavenir Eth address 234234234 Vulnerability details Some details: detailsschmetails Impact Brace for it! Proof of concept proof of concept Tools used I used no tools. Just this form and my BARE HANDS Recommended mitigation steps I would recommend not doing...
Unsafe deserialization in Yii 2
Impact: Remote code execution if the application calls unserialize on user input containing a specially crafted string. Patches: 2.0.38. Workarounds: Add the following to BatchQueryResult.php: public function __sleep() { throw new \BadMethodCallException('Cannot serialize '.__CLASS__); } public function __wakeup...
CVE-2017-15196
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user...