
15 matches found

OSV
added 2026/03/02 3:16 p.m. · 2 views

CVE-2026-24108

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerabilit...

9.8 CVSS · 6.2 AI score · 0.00649 EPSS
Exploits 1 · References 2
CVE
added 2026/03/02 12:0 a.m. · 12 views

CVE-2026-24113

CVE-2026-24113 affects Tenda W20E V4.0br_V15.11.0.6. The issue arises when the nptr value is passed to getMibPrefix and concatenated with sprintf without proper size validation, enabling a buffer overflow. The vulnerability is described as a critical, network-accessible issue (CVSS 3.1: AV:N/AC:L...

9.8 CVSS · 6.2 AI score · 0.00649 EPSS
Exploits 1 · References 2 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2021-29507

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00917 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:6 p.m. · 15 views

CVE-2021-42639

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization...

6.1 CVSS · 6.3 AI score · 0.01135 EPSS
Exploits 1
OSV
added 2024/11/22 6:15 a.m. · 2 views

UBUNTU-CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...

9.8 CVSS · 6.2 AI score · 0.01284 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/08/27 12:0 a.m. · 3 views

PT-2024-28675 · Unknown · Microscada Pro/X Sys600

Name of the Vulnerable Software and Affected Versions: MicroSCADA Pro/X SYS600 (affected versions not specified). Description: The product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited, this issue allows the attack...

9.9 CVSS · 9 AI score · 0.00611 EPSS
Exploits 0 · References 15
BDU FSTEC
added 2024/06/18 12:0 a.m. · 2 views

The vulnerability of the LDAP URL parser component in the Apache Directory LDAP API software allows a malicious actor to cause service failure.

The vulnerability of the LDAP URL parser component in Apache Directory LDAP API is related to the lack of control over the data entered by users. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8 CVSS · 5.5 AI score
Exploits 0 · References 2 · Affected Software 1
NVD
added 2022/06/17 8:15 p.m. · 24 views

CVE-2022-25871

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...

7.5 CVSS · 0.01074 EPSS
Exploits 1 · References 1
CNNVD
added 2021/11/03 12:0 a.m. · 4 views

Insyde InsydeH2O Security Feature Issue Vulnerability

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. insydeH2O Int15MicrosoftSmm has a security feature issue vulnerability that stems from uncontrolled input t...

9.8 CVSS · 5.5 AI score · 0.01368 EPSS
Exploits 0 · References 4
OSV
added 2021/10/22 2:15 p.m. · 1 views

CVE-2021-42538

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

8.8 CVSS · 7.3 AI score · 0.00917 EPSS
Exploits 0 · References 1
NVD
added 2021/10/22 2:15 p.m. · 13 views

CVE-2021-42538

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

8.8 CVSS · 0.00917 EPSS
Exploits 0 · References 1
Prion
added 2021/10/22 2:15 p.m. · 21 views

Input validation

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

6.5 CVSS · 8.7 AI score · 0.00917 EPSS
Exploits 0 · References 1 · Affected Software 3
Cvelist
added 2021/10/22 1:23 p.m. · 17 views

CVE-2021-42538 Emerson WirelessHART Gateway

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

8 CVSS · 8.9 AI score · 0.00917 EPSS
Exploits 0 · References 1
Packet Storm
added 2021/01/11 12:0 a.m. · 227 views

EyesOfNetwork 5.3 Remote Code Execution / Privilege Escalation

Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authenticated Remote Code Execution fl...

0.8 AI score
Exploits 0
securityvulns
added 2000/11/13 12:0 a.m. · 21 views

Hole in modutils

Uncontrolled user input allows invocation of an external program...

0.8 AI score
Exploits 0 · References 2 · Affected Software 1