CVE-2025-67432

The CVE-2025-67432 entry concerns Monkeybread Software MBS DynaPDF Plugin, version 21.3.1.1, where a stack overflow in the ZBarcode_Encode function can cause Denial of Service (DoS) via crafted input. Exploitation details are not provided in the documents. Remediation guidance is present in PT-20...

Silicon Labs Matter SDK 安全漏洞

Silicon Labs Matter SDK is a software development kit provided by Silicon Labs, Inc. in the United States. The Silicon Labs Matter SDK has a security vulnerability that stems from an integer overflow, leading to an infinite loop that could potentially trigger a denial-of-service attack...

PT-2026-7842

Name of the Vulnerable Software and Affected Versions Farktor Software E-Commerce Package versions through 27112025 Description An authorization bypass exists in Farktor Software E-Commerce Package due to manipulation of user-controlled variables. This allows bypassing intended access restriction...

PT-2026-7841

Name of the Vulnerable Software and Affected Versions Farktor Software E-Commerce Services Inc. E-Commerce Package versions through 27112025 Description An Improper Neutralization of Input During Web Page Generation issue exists in Farktor Software E-Commerce Services Inc. E-Commerce Package,...

PT-2026-7840

Name of the Vulnerable Software and Affected Versions Farktor Software E-Commerce Package versions through 27112025 Description The software contains an improper neutralization of special elements used in an SQL command, leading to a Blind SQL Injection issue. This allows for potential unauthoriz...

PT-2026-7932

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive...

Filosoft Comerc32 安全漏洞

Filosoft Comerc32 is a commercial invoicing and management software developed by the Portuguese company Filosoft. Version Filosoft Comerc32 Commercial Invoicing 16.0.0.3 contains a security vulnerability. This vulnerability stems from a flaw in the comeinst.exe file, which may allow local attacke...

ISC BIND 9.11.3-S1 < 9.18.38-S1 / 9.18.11-S1 < 9.18.38-S1 / 9.20.9-S1 < 9.20.11-S1 Vulnerability (cve-2025-40776)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40776 advisory. - A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning...

CVE-2026-20678

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data...

CVE-2026-20656

A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history...

CVE-2025-46305

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash...

CVE-2025-43537

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files...

UBUNTU-CVE-2026-20635

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-20674

CVE-2026-20674 affects iOS and iPadOS. The issue is described as a privacy problem where an attacker with physical access to a locked device could view sensitive user information. Apple’s security content confirms the vulnerability and its fix in iOS 26.3 and iPadOS 26.3. Red Hat and NVD entries ...

CVE-2020-37214

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files...

CVE-2020-37191

Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code...

CVE-2020-37193

ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file...

CVE-2020-37104

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

CVE-2020-37214

CVE-2020-37214 affects Voyager 1.3.0 and is a directory traversal vulnerability in the asset path parameter used by the /admin/voyager-assets endpoint, allowing an attacker to read arbitrary files such as /etc/passwd and .env. The provided metrics show a high impact with both CVSS 3.1 (base score...

CVE-2020-37197

CVE-2020-37197 affects the Dnss Domain Name Search Software. The vulnerability arises in the registration Name input field, where an attacker can supply a crafted 1000-character payload to trigger a crash, resulting in a Denial of Service . The NVD/NVD-derived data confirms the attack vector as n...