CVE-2025-70956

Summary of CVE-2025-70956 (TON TVM) : A State Pollution vulnerability exists in TON’s Virtual Machine (TVM) prior to v2025.04, in RUNVM’s VmState::run_child_vm. The code moves critical resources (libraries and logs) from the parent to a new child VM in a non-atomic fashion. If an Out-of-Gas (OOG)...

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2019-25329

FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler SEH with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger ...

CVE-2019-25332

FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows arbitrary code execution by overwriting the EIP register through a crafted command input; a 4108-byte payload can overwrite memory and execute shellcode. CVSS metrics indicate impact and exploitability (CVSS v4.0: ba...

CVE-2019-25329 FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler SEH with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger ...

CVE-2019-25321

CVE-2019-25321 affects FTP Navigator 8.03, where a stack overflow can be triggered by crafting a payload into the Custom Command textbox, allowing an attacker to overwrite Structured Exception Handler (SEH) registers and execute arbitrary code. The PoC demonstrates remote code execution, with a c...

CVE-2025-55210

CVE-2025-55210 affects FreePBX PBX API (module api) prior to 17.0.5 and 16.0.17. The issue allows privilege escalation for authenticated users with REST/GraphQL API access by forging a valid JWT signed with the api-oauth.key private key and arbitrary scopes. The token will be accepted only if its...

CVE-2025-67433

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service DoS via a crafted DATA packet...

Open TFTP Server MultiThreaded 安全漏洞

Open TFTP Server MultiThreaded is a TFTP protocol file transfer tool developed by achaldhir as an individual developer. Version 1.7 of Open TFTP Server MultiThreaded contains a security vulnerability. This vulnerability stems from a heap buffer overflow in the processRequest function, which may...

PT-2026-7890

Name of the Vulnerable Software and Affected Versions Open TFTP Server MultiThreaded version 1.7 Description A heap buffer overflow exists in the processRequest function of Open TFTP Server MultiThreaded. This issue can be triggered by sending a crafted DATA packet, potentially leading to a Denia...

PT-2026-7921

FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remot...

PT-2026-7931

FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remot...

CVE-2026-25497

Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their...

PT-2026-7601

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with...

PT-2026-7822

CVE-2026-25975 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2026-25975 Published : 2026年2月10日 05:16 | 1 小时，59 分钟 ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

libssh 安全漏洞

libssh is a C-language development package from the libssh organization that allows access to SSH services. It can execute remote commands, transfer files, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from improper handling of...

libssh 安全漏洞

libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, transfer files, and provide a secure transmission channel for remote programs. libssh has a security vulnerability that stems from malformed SFTP messages,...

Craft CMS: GraphQL Asset Mutation Privilege Escalation

There is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their privileges and modify/transfer assets belonging to any other volume, including restricted or private volumes to which they should not...

CVE-2026-25497

CVE-2026-25497 : Privilege escalation in Craft CMS GraphQL API affecting versions 4.0.0-RC1 through before 4.17.0-beta.1 and 5.9.0-beta.1. An authenticated user with write access to one asset volume can escalate privileges and modify/transfer assets across volumes, including private or restricted...

CVE-2026-25497 Craft has a GraphQL Asset Mutation Privilege Escalation

Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their...