Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

HTTP Request Smuggling

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...

PT-2025-40880

Name of the Vulnerable Software and Affected Versions versions prior to 8.0 Description A crafted animation can trigger a use-after-free write during SANM decoding. This occurs when a STOR chunk is followed by an FOBJ chunk, and the frame has an invalid size. The code attempts to decode a frame...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

PT-2023-23363 · Seqrite · Seqrite Endpoint Security

Name of the Vulnerable Software and Affected Versions: Seqrite Endpoint Security EPS versions prior to 8.0 Description: The issue is related to incorrect access control, allowing attackers to escalate privileges to root by supplying a crafted binary to the target system. Recommendations: For...