1365 matches found

NVD
added 2026/05/04 12:16 a.m. | 1 view

CVE-2026-6948

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory (OOM) by sending crafted messages through the normal client communication channel...

4.9 CVSS | 0.00016 EPSS
Exploits: 0 | References: 1

NVD
added 2026/04/30 8:16 p.m. | 2 views

CVE-2026-33448

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

4.8 CVSS | 0.00015 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/30 8:4 p.m. | 23 views

CVE-2026-33450 Out of bounds read in Secure Access MacOS clients prior to 14.50

CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service...

2.3 CVSS | 0.0004 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/30 7:47 p.m. | 2 views

EUVD-2026-26416

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

4.8 CVSS | 5.3 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

VulnCheck KEV
added 2026/04/25 12:0 a.m. | 10 views

VulnCheck KEV: CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

9.8 CVSS | 6.8 AI score | 0.31224 EPSS
In wild | Exploits: 4 | References: 36

CNNVD
added 2026/04/16 12:0 a.m. | 4 views

Festo MSE6 Security Vulnerability

MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB37-AGD and so on are industrial control components. A denial of service vulnerability exists in several Festo products, which can be exploited by attackers to gain control of a server...

8.8 CVSS | 5.8 AI score | 0.00087 EPSS
Exploits: 0 | References: 1

OSV
added 2026/04/06 10:54 p.m. | 0 views

GHSA-7HMV-4J2J-PP6F PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`

Impact: The server handles ActorEventPacket to trigger consuming animations from vanilla clients when they eat food or drink potions. This can be abused to make the server spam other clients, and to waste server CPU and memory. For every ActorEventPacket sent by the client, an animation event will...

4.3 CVSS | 5.9 AI score
Exploits: 0 | References: 3

Cvelist
added 2026/04/01 12:22 p.m. | 25 views

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

9.8 CVSS | 0.31224 EPSS
Exploits: 4 | References: 3

CNNVD
added 2026/04/01 12:0 a.m. | 1 view

MetInfo CMS Security Vulnerability

MetInfo CMS is a content management system developed by MetInfo Corporation. Versions 7.9, 8.0, and 8.1 of MetInfo CMS have security vulnerabilities. These vulnerabilities stem from unvalidated PHP code injection, which could allow remote attackers to execute arbitrary code by sending specially...

9.8 CVSS | 6.4 AI score | 0.31224 EPSS
Exploits: 4 | References: 3

CNVD
added 2026/03/31 12:0 a.m. | 1 view

HCL Aftermarket DPC File Upload Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a file upload vulnerability, which stems from the application not strictly verifying or filtering user uploaded files, and can be exploited by an attacker to upload and...

9.8 CVSS | 6 AI score | 0.00017 EPSS
Exploits: 0

EUVD
added 2026/03/26 3:30 p.m. | 0 views

EUVD-2025-209057

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server...

9.8 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 2

NVD
added 2026/03/26 1:16 p.m. | 0 views

CVE-2025-55267

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server...

9.8 CVSS | 0.00017 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/26 1:1 p.m. | 1 view

CVE-2025-55267

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server...

5.7 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/26 1:1 p.m. | 21 views

CVE-2025-55267 HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server...

5.7 CVSS | 0.00017 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/26 1:1 p.m. | 0 views

CVE-2025-55267 HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server...

5.7 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/03/26 12:0 a.m. | 2 views

HCL Aftermarket DPC Security Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a file upload vulnerability, which stems from the application not strictly verifying or filtering user uploaded files, and can be exploited by an attacker to upload and...

9.8 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/19 3:55 p.m. | 10 views

CVE-2026-26016

Summary: CVE-2026-26016 affects Pterodactyl Panel (Wings) prior to 1.12.1 due to missing authorization checks across multiple controllers/endpoints. An authenticated Wings node with a node secret token can access and disclose information about servers on other nodes, retrieve server installation ...

9.2 CVSS | 5.7 AI score | 0.00065 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/01/20 4:30 p.m. | 2 views

EUVD-2026-3295

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered...

8.3 CVSS | 5.4 AI score | 0.00079 EPSS
Exploits: 1 | References: 6

NVD
added 2026/01/19 8:15 p.m. | 1 view

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3 CVSS | 0.00079 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/09 12:44 p.m. | 6 views

CVE-2005-1909

The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "...

4.3 CVSS | 6.8 AI score | 0.00351 EPSS
Exploits: 1 | References: 1