7921 matches found
Exploit for Path Traversal in Apache Http_Server
Apache 2.4.49 Path Traversal Lab — CVE-2021-41773 Clone...
D-Link DIR-816 安全漏洞
The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The D-Link DIR-816 1.10CNB05 version has a security vulnerability. This vulnerability stems from incorrect handling of the parameter pskValue in the file/goform/form2WlanBasicSetup.cgi, which may lead to a stack buffer overfl...
Quip MCP Server 命令注入漏洞
Quip MCP Server is a documentation-based server developed by AvinashBole. Version 1.0.0 of Quip MCP Server has a command injection vulnerability, which stems from incorrect operations on the function setupToolHandlers in the file src/index.ts, potentially leading to command injection...
CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection
A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...
CVE-2026-4192
The CVE-2026-4192 entry concerns AvinashBole quip-mcp-server 1.0.0, where the function setupToolHandlers in src/index.ts is vulnerable to command injection. The vulnerability is described as exploitable remotely, with the exploit publicly disclosed and the project reportedly not responding to the...
CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection
A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...
CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The...
CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The...
PT-2026-25567
A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...
Insertion of Sensitive Information into Log File
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the pairing setup. An attacker can gain unauthorized access to long-lived shared gateway credentials by obtaining a leaked setup code...
CVE-2026-3556
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...
CVE-2026-3556 Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...
CVE-2026-3556
The CVE-2026-3556 issue affects Philips Hue Bridge, specifically in the hk_hap_pair_storage_put function used during HomeKit pairing. The vulnerability is a heap-based buffer overflow caused by inadequate validation of user-supplied data length prior to copying into a fixed-length heap buffer, al...
CVE-2026-3556 Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server‑supplied MSUSBINTERFACEDESCRIPTOR values and uses them as indices in libusbudevcompletemsconfigsetup, causing an out‑of‑bounds read...
EUVD-2026-11521
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...
CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS
The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2026-2687
CVE-2026-2687 affects the WordPress plugin Reading progressbar prior to 1.3.1. The vulnerability arises because the plugin does not sanitize and escape certain settings, which could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...
CVE-2026-3978
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...
CVE-2026-3978 D-Link DIR-513 formEasySetupWizard3 stack-based overflow
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...