Libssh: libssh: denial of service due to malformed sftp message
...
curl: FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse
Summary: A malicious FTP server can embed byte 0xFF (Telnet IAC) in the PWD response path. The ISCNTRL filter at lib/ftp.c:3095 expands to ISLOWCNTRL(x) || IS7F(x), which is unsigned charx entrypath (line 3131) and sent verbatim via CWD %s on connection reuse (line 849). I understand the KNOWNRISK.md and...
EUVD-2018-21760
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...
CVE-2018-25254
CVE-2018-25254 affects NICO-FTP 3.0.1.19. The vulnerability is a structured exception handler (SEH) buffer overflow in the FTP service that allows remote code execution when an attacker sends crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handle...
CVE-2018-25254 NICO-FTP 3.0.1.19 Buffer Overflow SEH
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...
CVE-2026-34780 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
SUSE CVE-2026-31934
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...
WordPress Royal Elementor Addons plugin <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Royal Elementor Addons versions <= 1.7.1049...
CVE-2026-34831
A flaw was found in Rack. A remote attacker can exploit this vulnerability by requesting a non-existent path containing percent-encoded UTF-8 characters. This causes Rack::Files#fail to incorrectly calculate the Content-Length header, using String#size instead of String#bytesize for multibyte...
Incorrect Resource Transfer Between Spheres
Overview: Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can cause unauthorized remote image loading by embedding specially crafted SVG content with animate elements using attributes such as fill,...
Incorrect Resource Transfer Between Spheres
Overview: Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the processing of HTML email content when handling the background attribute of the BODY element. An attacker can cause information disclosure or bypass access controls by sending a speciall...
EUVD-2026-18961
Electron: Context Isolation bypass via contextBridge VideoFrame transfer...
GHSA-JFQG-HF23-QPW2 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Impact: Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any...
EUVD-2026-18388
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads...
CVE-2025-15620 HiOS Switch Platform Denial-of-Service via Web Interface
HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...
HTTPS Fetch
Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set...
HTTP Fetch, Generic x86 Debug Trap
Fetch and execute an x86 payload from an HTTP server. Generate a debug trap in the target process Module Options msf use payload/cmd/windows/http/x86/generic/debugtrap msf payloaddebugtrap show actions ...actions... msf payloaddebugtrap set ACTION msf payloaddebugtrap show options ...show and set...
HTTP Fetch, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...