Lucene search

94 matches found

Vulnrichment
added 2026/02/09 6:19 p.m. | 3 views

CVE-2026-24679 FreeRDP has a heap-buffer-overflow in urb_select_interface

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.6 | EPSS 0.00026
Exploits: 0 | References: 2

AlpineLinux
added 2026/02/09 6:19 p.m. | 2 views

CVE-2026-24679

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0...

CVSS 9.1 | AI score 5.6 | EPSS 0.00026
Exploits: 0

RedhatCVE
added 2026/01/09 9:56 a.m. | 5 views

CVE-2020-12262

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

CVSS 5.4 | AI score 7.1 | EPSS 0.01051
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 3 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5 | AI score 6.6 | EPSS 0.00103
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-7038

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.22.0. Description: FreeRDP, a Remote Desktop Protocol implementation, contains a flaw where the URBDRC client utilizes interface numbers provided by the server as array indices without proper bounds checking. This can...

CVSS 9.8 | AI score 5.5 | EPSS 0.10619
Exploits: 27 | References: 204

Snyk
added 2025/12/08 4:40 p.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization when executing DeleteReaction. An attacker can remove reactions from other users' entries by sending crafted requests with low-level privileges and no authentication. Remediation: Upgrade...

CVSS 5.3 | AI score 6.8 | EPSS 0.00042
Exploits: 1 | References: 2

NVD
added 2025/11/16 12:15 p.m. | 3 views

CVE-2025-13249

A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...

CVSS 6.5 | EPSS 0.00039
Exploits: 0 | References: 4

EUVD
added 2025/10/22 6:52 a.m. | 3 views

EUVD-2025-35333

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

CVSS 4.3 | AI score 6.7 | EPSS 0.00025
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-14176

Malware in sbrugna...

CVSS 7.5 | AI score 6.5 | EPSS 0.00103
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-2325

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.1 | EPSS 0.00833
Exploits: 0 | References: 7

OSV
added 2025/09/04 4:15 p.m. | 0 views

UBUNTU-CVE-2025-38728

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd. With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to a missing check in parse_server_interfaces (see below): BUG: KASAN: slab-out-of-bounds in...

CVSS 7.1 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 25

OSV
added 2025/09/04 3:33 p.m. | 3 views

CVE-2025-38728 smb3: fix for slab out of bounds on mount to ksmbd

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd. With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to a missing check in parse_server_interfaces (see below): BUG: KASAN: slab-out-of-bounds in...

CVSS 7.1 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 10

Cvelist
added 2025/08/29 9:12 p.m. | 7 views

CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted...

CVSS 6.3 | EPSS 0.00106
Exploits: 0 | References: 3

OSV
added 2025/08/29 8:8 p.m. | 3 views

GHSA-HW6F-RJFJ-J7J7 Eventlet affected by HTTP request smuggling in unparsed trailers

Impact: The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to:
- Bypass front-end security controls
- Launch targeted attacks against active site users
- Poison web caches
Patches: Problem has...

CVSS 6.3 | AI score 6.8 | EPSS 0.00106
Exploits: 0 | References: 6

NVD
added 2025/07/25 7:15 p.m. | 4 views

CVE-2025-52448

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux validate-initial-sql api modules allows Interface Manipulation data access to the production database cluster. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before...

CVSS 8.1 | EPSS 0.00188
Exploits: 0 | References: 1

Cvelist
added 2025/07/25 6:43 p.m. | 6 views

CVE-2025-52446

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux tab-doc api modules allows Interface Manipulation data access to the production database cluster. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

EPSS 0.00099
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:2 a.m. | 2 views

CVE-2024-8865

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used...

CVSS 5.1 | AI score 6 | EPSS 0.00338
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:34 a.m. | 5 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

CVSS 6.5 | AI score 6.8 | EPSS 0.00193
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:23 a.m. | 4 views

CVE-2019-9750

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01...

CVSS 9.1 | AI score 6.8 | EPSS 0.0028
Exploits: 1 | References: 1

BDU FSTEC
added 2025/04/10 12:0 a.m. | 1 view

The vulnerability of the Rack::Static class in the module interface between web servers and Rack web applications allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Rack::Static module interface between web servers and Rack web applications is related to errors in processing relative pathnames to directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 7.8 | AI score 7 | EPSS 0.01354
Exploits: 0 | References: 12 | Affected Software: 4