CVE-2026-5123

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data1 can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The...

CVE-2026-28527

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...

spdx-sboms

No d...

EUVD-2026-17077

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2019-25655

Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing...

CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-1612

AL-KO Robolinho Update Software contains hard-coded AWS Access and Secret keys that grant at least read access to objects in an AWS bucket. The vulnerability is documented for version 8.0.21.0610 as vulnerable; other versions were not tested and may also be affected. No remediation details are pr...

CVE-2026-1612 Hard-coded AWS Key in AL-KO Robolinho Update Software

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-1612 Hard-coded AWS Key in AL-KO Robolinho Update Software

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

HAI Builds Code Generator 安全漏洞

HAI Builds Code Generator is an AI-driven software requirement generation and management tool open-sourced by Presidio INC. HAI Builds Code Generator has a security vulnerability, which stems from defects in the design of automatic terminal command execution. This vulnerability makes it susceptib...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-30082

CVE-2026-30082 describes multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 . The issue allows an attacker to inject crafted payloads via the About application, What’s new, or Release note parameters to exe...

PT-2026-29029

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DS...

AL-KO Robolinho Update Software 信任管理问题漏洞

AL-KO Robolinho Update Software is a firmware update tool developed by the German company AL-KO. Version 8.0.21.0610 of AL-KO Robolinho Update Software contains a vulnerability related to trust management. This vulnerability stems from hard-coded AWS keys, which may allow unauthorized access to A...

PT-2026-28757

Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024 Description A flaw exists in the Totolink A3300R device. The setUPnPCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through manipulation of the enable argumen...