CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

EUVD-2026-37063

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

CVE-2026-10829

CVE-2026-10829 affects the NPort W2150A-W4 / W2250A-W4 Series (versions 1.5 and earlier). The issue is a stack-based buffer overflow caused by insufficient input validation of the "Server location" parameter on the Basic settings web page. An attacker can send crafted input to the web service to ...

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

PT-2026-49654

Name of the Vulnerable Software and Affected Versions NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1 Description A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...

EUVD-2020-30880

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...

DB-GPT 路径遍历漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A path traversal vulnerability exists in DB-GPT version 0.6.0, which stems from an arbitrary file write vulnerability in the knowledge API that allows an attacker to write a file to an...

CVE-2024-52600

Statmatic is a Laravel and Git powered content management system CMS. Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Summary Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the...

CVE-2021-31314

The CVE-2021-31314 entry concerns ejinshan v8+ terminal security system and is a file upload vulnerability that allows an attacker to upload arbitrary files to arbitrary locations on the server. The NVD/Red Hat/CNNVD entries corroborate an unrestricted file upload issue affecting ejinshan v8+; th...

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal...

CVE-2019-14521

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter...

Facebook Password-Reset Spam is Botnet Attack

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware. The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-the...