7926 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-23258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this...
Linux Distros Unpatched Vulnerability : CVE-2026-23254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption i...
Linux kernel ๅฎๅ จๆผๆด
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a mistake in the cleanup loop of the setupnicdevices function in the liquidio driver. This mistak...
Linux Distros Unpatched Vulnerability : CVE-2026-23256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The...
Linux kernel ๅฎๅ จๆผๆด
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a mistake in the cleanup loop of the setupnicdevices function in the liquidio driverโs PF. This...
Linux Distros Unpatched Vulnerability : CVE-2026-23257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The...
Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server
CVE-2025-5548 Security research and reprod...
Improper Privilege Management
Overview openclaw is a ๐ฆ OpenClaw โ Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management. An attacker can gain unauthorized privileges by replaying a valid setup code before approval, allowing escalation of pending device pairing scopes...
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects โ including Django apps, ML research code, Streamlit dashboards, and PyPI packages โ by...
CVE-2026-29521
CVE-2026-29521 affects Hereta ETH-IMC408M devices with firmware 1.0.15 and earlier, where missing CSRF protections in setup.cgi allow cross-site request forgery. An attacker hosting malicious pages can submit forged requests using automatically-included HTTP Basic Authentication credentials to mo...
CVE-2026-29521 Hereta ETH-IMC408M CSRF via Configuration Setup
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using...
CVE-2026-4192
A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...
CVE-2026-3556
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...
Exploit for Path Traversal in Apache Http_Server
Apache 2.4.49 Path Traversal Lab โ CVE-2021-41773 Clone...
Quip MCP Server ๅฝไปคๆณจๅ ฅๆผๆด
Quip MCP Server is a documentation-based server developed by AvinashBole. Version 1.0.0 of Quip MCP Server has a command injection vulnerability, which stems from incorrect operations on the function setupToolHandlers in the file src/index.ts, potentially leading to command injection...
D-Link DIR-816 ๅฎๅ จๆผๆด
The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The D-Link DIR-816 1.10CNB05 version has a security vulnerability. This vulnerability stems from incorrect handling of the parameter pskValue in the file/goform/form2WlanBasicSetup.cgi, which may lead to a stack buffer overfl...
CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection
A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...
CVE-2026-4192
The CVE-2026-4192 entry concerns AvinashBole quip-mcp-server 1.0.0, where the function setupToolHandlers in src/index.ts is vulnerable to command injection. The vulnerability is described as exploitable remotely, with the exploit publicly disclosed and the project reportedly not responding to the...
CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection
A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...
CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The...