19 matches found
CVE-2026-44504
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, deployments with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
EUVD-2025-209825
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
Striso Control Firmware Security Vulnerability
Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the ThreadReadButtons function...
CVE-2025-28343
CVE-2025-28343 affects striso-control-firmware 54c9722. The issue is a buffer overflow in the function ThreadReadButtons. CVSSv3.1 base score 7.5 (HIGH): attack vector NETWORK, attack complexity LOW, privileges required NONE, user interaction NONE, with confidentiality and integrity not impacted ...
CVE-2025-28343
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
CVE-2025-28343
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
PT-2026-40702
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...
CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...
CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...
EUVD-2026-19734
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...
CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...
FreeScout Security Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.212 contained security vulnerabilities. These vulnerabilities stemmed from the endpoint GET...
PT-2026-30895
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversation id/thread id does not require authentication and does not validate whether the given thread id belongs to the given conversation id. This allows any...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003931)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003931 advisory. In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000294)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000294 advisory. In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no...
Mattermost Lack of Access Control Validation
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access, which allows a user to read a thread via AI posts...
Linux Distros Unpatched Vulnerability : CVE-2019-2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with...
DEBIAN-CVE-2019-2025
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Andro...
UBUNTU-CVE-2019-2025
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Andro...