120 matches found
CVE-2026-3088
CVE-2026-3088 affects certain Netgear routers (e.g., RBSE950, RBS860, RBSE960, RBR860, RBRE960, RBRE950) where unauthenticated adjacent attackers can disrupt router availability by sending specially crafted requests. Root cause details are not specified in the provided documents. CVSS metrics ind...
CVE-2025-40833
CVE-2025-40833 describes a null pointer dereference vulnerability in devices when handling specially crafted IPv4 requests, leading to a denial of service. The impact is a DoS condition requiring a manual restart to recover. The available documents do not specify the affected products, vendor, ve...
TP-Link Omada Switches Security Vulnerability
TP-Link Omada switches are a series of switches produced by TP-Link, a Chinese company. The TP-Link Omada switches have security vulnerabilities. These vulnerabilities stem from insufficient validation of the web interface, which may lead to out-of-bound memory access when processing specially...
Cube Security Vulnerability
Cube is a semantic layer developed by Cube OpenSource for building data applications. Versions of Cube from 1.1.17 to 1.5.13, as well as 1.4.2, contained security vulnerabilities. These vulnerabilities stemmed from the possibility of the entire API service becoming unavailable when specially...
EUVD-2020-7783
Malware in sbrugna...
CVE-2025-5514
Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from utilizing the web...
CVE-2021-21876
Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability...
A vulnerability in the Apache Superset data visualization software stems from flaws in its authentication procedures, which allow unauthorized users to read, modify, or delete data.
The vulnerability of Apache Superset’s data visualization software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to read, modify, or delete data by sending specially crafted request...
GHSA-V7VF-F5Q6-M899 .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2024-43498 | .NET Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applicatio...
CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4,...
CVE-2024-44331
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests...
CVE-2024-45330
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate their privileges via specially crafted requests...
SUSE SLES15 Security Update : 389-ds (SUSE-SU-2024:3257-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3257-1 advisory. - Update to version 1.4.4.20git3.e7ac6d87: - CVE-2024-3657: DOS via specially crafted kerberos AS-REQ request. bsc1225512 -...
ROS-20240816-11
A vulnerability in the proc_open function of the PHP programming language interpreter exists due to a failure to neutralize special elements used in an operating system command. Exploitation of the...
AlmaLinux 9 : 389-ds-base (ALSA-2024:3837)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3837 advisory. 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request CVE-2024-3657 389-ds-base: Malformed userPassword may cause crash a...
Improper Input Validation
actionpack is vulnerable to Improper Input Validation. The vulnerability is due to improper handling of security headers for non-HTML content types, which allows an attacker to potentially bypass security restrictions by sending specially crafted requests that exploit the lack of these security...
CVE-2024-29205
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions...
CVE-2023-40545
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests...