92 matches found
Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
Am I affected? You are affected if all of the following are true: - You use better-auth at a version = 1.6.0, 1.6.11. - The deviceAuthorization plugin is enabled in your auth config deviceAuthorization in your plugins array. - A third party can observe a pending user code before the legitimate us...
CVE-2026-31220
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
EUVD-2026-29504
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
CVE-2026-34937
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.11 contained security vulnerabilities. These vulnerabilities were due to approval integrity issues. When precise file binding was not possible, attackers could modify scripts...
CVE-2019-25484
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
EUVD-2019-19762
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
CVE-2019-25484
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
CVE-2019-25484
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
CVE-2019-25484 WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
CVE-2019-25484
CVE-2019-25484 — WinMPG iPod Convert 3.0 suffers a buffer overflow in the Register dialog. The flaw allows local attackers to crash the application by supplying an oversized payload, e.g., a large string in the User Name and User Code fields, resulting in a denial of service. The issue is localiz...
CVE-2019-25484 WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
PT-2026-24778
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...
CVE-2026-30887
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...
Langflow code injection vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which stems from a lack of validation for the strings provided by users when processing code parameters. This vulnerability may lead...
CVE-2023-45616
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's access point management protocol UDP port 8211. Successful exploitation of this vulnerabilit...
CVE-2025-61806
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
PT-2025-41313
Name of the Vulnerable Software and Affected Versions Web Developer for Chrome versions prior to 0.5.0 Description The Web Developer for Chrome extension contained malicious code that generated a domain using a domain generation algorithm DGA and retrieved a remote script. This script loaded...
EUVD-2018-18902
Malware in sbrugna...
EUVD-2018-4126
Malware in sbrugna...