2526 matches found

OSV
added 2 days ago | 5 views

ASB-A-467352655

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.5 | AI score 6 | EPSS 0.00105
Exploits: 0 | References: 1

NVD
added 6 days ago | 12 views

CVE-2026-46840

Vulnerability in Oracle REST Data Services component: Backend-as-a-Service. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in...

CVSS 10 | EPSS 0.00041
Exploits: 1 | References: 1

CNNVD
added 6 days ago | 4 views

Nautobot Security Vulnerability

Nautobot is a web-based automation platform developed by the Nautobot team. Versions of Nautobot prior to 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from users who had permission to add/modify GitRepository records being able to directly set the currenthead...

CVSS 7.1 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 5

CVE
added 2026/05/22 12:17 p.m. | 14 views

CVE-2026-44618

Technical details for CVE-2026-44618 are not publicly available in the provided documents. The records mention an XXE vulnerability in Apache CXF WS-Transfer and upgrade versions, but no further specifics are provided. Monitor for updates.

CVSS 5.3 | AI score 5.7 | EPSS 0.00167
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/05/20 10:16 a.m. | 2 views

UBUNTU-CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVSS 7.5 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 4

NVD
added 2026/05/16 4:16 p.m. | 3 views

CVE-2020-37230

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSyste...

CVSS 8.5 | EPSS 0.00013
Exploits: 0 | References: 4

EUVD
added 2026/05/16 3:25 p.m. | 3 views

EUVD-2020-31231

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSyste...

CVSS 8.5 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 4

CNNVD
added 2026/05/16 12:0 a.m. | 3 views

IObit Advanced SystemCare Service Code Issue Vulnerability

IObit Advanced SystemCare Service is a Windows background service component developed by IObit that supports system optimization, performance cleanup, and security maintenance. Version 13.0.0.157 of IObit Advanced SystemCare Service contains a code vulnerability. This vulnerability stems from an...

CVSS 8.5 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/14 3:27 a.m. | 2 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

CVSS 6.4 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 7

OSV
added 2026/05/08 12:31 a.m. | 1 views

GHSA-935G-9RQ5-Q95C short-video-maker has a path traversal vulnerability

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...

CVSS 6.9 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 6

RedhatCVE
added 2026/05/07 8:20 a.m. | 6 views

CVE-2026-34596

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

CVSS 7 | AI score 5.7 | EPSS 0.00013
Exploits: 1 | References: 1

CVE
added 2026/04/24 5:50 a.m. | 6 views

CVE-2026-1949

Delta Electronics AS320T is affected by CVE-2026-1949 due to an incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. The available reports identify the host device and the vulnerable component as the AS320T web service handling GET/PUT requests,...

CVSS 9.8 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/04/21 12:0 a.m. | 2 views

Multiple Oracle Products Security Vulnerability

Oracle Java SE and the other affected products are developed by Oracle Corporation in the United States. Oracle Java SE is a tool used for developing and deploying Java applications for desktop, server, embedded devices, and real-time environments. Oracle GraalVM is a just-in-time compiler written in the Java...

CVSS 5.3 | AI score 7.2 | EPSS 0.00067
Exploits: 0 | References: 2

CNNVD
added 2026/04/16 12:0 a.m. | 3 views

DesktopEditors Security Vulnerability

DesktopEditors is an open-source offline office suite developed by ONLYOFFICE, supporting editing of documents, spreadsheets, presentations, and PDFs. Versions of DesktopEditors prior to 9.3.0 contained a security vulnerability. This vulnerability stemmed from defects in the update service, which...

CVSS 6.2 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/16 12:0 a.m. | 0 views

PT-2026-33271

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges...

CVSS 6.2 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1

CNNVD
added 2026/04/16 12:0 a.m. | 3 views

AMD EPYC Processor Security Vulnerability

The AMD EPYC Processor is a series of multi-core processors developed by American semiconductor company AMD. There is a security vulnerability in the AMD EPYC Processor, which stems from improper use of the boot service. This vulnerability may lead to privilege escalation and arbitrary code...

CVSS 7.1 | AI score 6.1 | EPSS 0.00008
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/15 11:15 p.m. | 1 views

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

CVSS 8.2 | AI score 5.9 | EPSS 0.00056
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/04/14 4:57 p.m. | 13 views

CVE-2026-26160

CVE-2026-26160 affects the Windows Remote Desktop Licensing Service. The issue arises from missing authentication for a critical function, enabling an authorized local attacker to elevate privileges on affected systems. The CVE has a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, lo...

CVSS 7.8 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1 | Affected Software: 14

Cvelist
added 2026/04/14 4:57 p.m. | 26 views

CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability

...

CVSS 7.8 | EPSS 0.00052
Exploits: 0 | References: 1

Microsoft CVE
added 2026/04/14 2:0 p.m. | 0 views

Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 6.4 | EPSS 0.00047
Exploits: 0