12564 matches found

RedhatCVE
added 2026/03/26 3:6 p.m. | 1 view

CVE-2026-22318

A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...

4.9 CVSS | 6.3 AI score | 0.00339 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:1 p.m. | 2 views

CVE-2026-33650

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

7.6 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 2:58 p.m. | 3 views

CVE-2026-22317

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

7.2 CVSS | 6.2 AI score | 0.00999 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/03/26 2:43 p.m. | 20 views

CVE-2026-26008 EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5 CVSS | 0.00367 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/03/26 2:43 p.m. | 2 views

EUVD-2026-16201

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5 CVSS | 5.8 AI score | 0.00367 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/26 2:43 p.m. | 3 views

CVE-2026-26008

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5 CVSS | 5.8 AI score | 0.00367 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/03/26 2:43 p.m. | 7 views

CVE-2026-26008

The CVE concerns EVerest EV charging software stack. Versions before 2026.02.0 expose an out-of-bounds access in a std::vector triggered by UpdateAllowedEnergyTransferModes over the network via CSMS, enabling possible remote crash or memory corruption. The issue affects the affected releases prio...

7.5 CVSS | 5.8 AI score | 0.00367 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/03/26 2:43 p.m. | 2 views

CVE-2026-26008 EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5 CVSS | 6 AI score | 0.00367 EPSS
Exploits: 0 | References: 3

Veracode
added 2026/03/26 7:28 a.m. | 4 views

HTTP Request Smuggling

Next.js is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of Transfer-Encoding: chunked and Content-Length headers during proxy rewrites, which allows an attacker to craft malicious DELETE/OPTIONS requests and smuggle unauthorized requests to unintended backen...

6.5 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/03/26 12:0 a.m. | 6 views

EVerest Buffer Error Vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a buffer error vulnerability. This vulnerability stems from the function ISO15118_chargerImpl::handle_update_energy_transfer_modes, which copies a variable-leng...

9.1 CVSS | 6 AI score | 0.00197 EPSS
Exploits: 0 | References: 1

Hacker One
added 2026/03/25 7:27 p.m. | 40 views

curl: Security Vulnerability Report: Protocol Injection via Programmatic Options

Summary: Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically (e.g., via CURLOPT_USERNAME, CURLOPT_PASSWORD, or...

6 AI score
Exploits: 0

EUVD
added 2026/03/25 5:49 p.m. | 2 views

EUVD-2026-14488

AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion...

7.6 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 1 | References: 3

OSV
added 2026/03/25 5:49 p.m. | 2 views

GHSA-8X77-F38V-4M5J AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Summary: A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes (Active, Inactive, Unlisted). The roo...

7.6 CVSS | 6 AI score | 0.0024 EPSS
Exploits: 1 | References: 4

Snyk
added 2026/03/25 5:49 p.m. | 1 view

Incorrect Authorization

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Incorrect Authorization in the authorization for video management operations. An attacker can gain unauthorized access to modify or delete any video, alter content...

7.6 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2026/03/25 5:49 p.m. | 9 views

AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Summary: A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes (Active, Inactive, Unlisted). The roo...

7.6 CVSS | 6 AI score | 0.0024 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/03/25 11:16 a.m. | 2 views

UBUNTU-CVE-2026-23307

In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback: check the proper length of a message. When looking at the data in a USB urb, the actual_length is the size of the buffer passed to the driver, not the transfer_buffer_length which is set by the...

5.5 CVSS | 5.9 AI score | 0.00123 EPSS
Exploits: 0 | References: 9

Positive Technologies
added 2026/03/25 12:0 a.m. | 3 views

PT-2026-27778

Name of the Vulnerable Software and Affected Versions: N2WS Backup & Recovery versions prior to 4.4.0. Description: A two-step attack against the RESTful API can lead to remote code execution. The attack targets the API, potentially allowing an attacker to execute arbitrary code on the system. The A...

9 CVSS | 6.4 AI score | 0.00339 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/25 12:0 a.m. | 6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GVfs vulnerabilities (USN-8114-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8114-1 advisory. It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A maliciou...

4.3 CVSS | 6.2 AI score | 0.0036 EPSS
Exploits: 2 | References: 3

RedhatCVE
added 2026/03/24 8:51 p.m. | 2 views

CVE-2026-28753

A flaw was found in NGINX Plus and NGINX Open Source, specifically within the ngx_mail_smtp_module. This vulnerability allows an attacker-controlled DNS (Domain Name System) server to inject arbitrary headers into SMTP (Simple Mail Transfer Protocol) upstream requests. This is due to the improper handli...

6.3 CVSS | 5.7 AI score | 0.0025 EPSS
Exploits: 0 | References: 4

GithubExploit
added 2026/03/24 8:34 p.m. | 159 views

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

🔐 Pentest Lab — Metasploitable2 📋 Description Premier lab...

10 CVSS | 5.8 AI score | 0.96184 EPSS
Exploits: 28