287 matches found
CVE-2026-44066
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...
CVE-2026-44066
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...
EUVD-2026-31212
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...
Astra Linux - уязвимость в libxstream-java
XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability where the processed stream at unmarshalling time contained type information that allowed new instances to be created based on those type information. An attacker...
Astra Linux - уязвимость в libxstream-java
XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability where the processed stream at unmarshalling time contained type information that allowed new instances to be created based on those type information. An attacker...
Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017732)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017732 advisory. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated...
Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017728 advisory. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host...
CVE-2026-23751 Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 other versions may be affected exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An...
CVE-2026-29781
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...
CVE-2026-29781
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...
CVE-2026-29781 Sliver: Authenticated Nil-Pointer Dereference in Handlers
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...
CVE-2026-29781 Sliver: Authenticated Nil-Pointer Dereference in Handlers
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...
CVE-2026-29781
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...
CVE-2026-29781 Sliver: Authenticated Nil-Pointer Dereference in Handlers
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...
Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers
Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...
CVE-2026-26222
Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...
CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE
Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...
PT-2026-21780
Name of the Vulnerable Software and Affected Versions Altec DocLink version 4.0.336.0 Description The software has insecure .NET Remoting endpoints exposed over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and...
CVE-2026-26221
Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...
CVE-2026-26221
Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...