110 matches found
PT-2026-31684
Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may experience a panic when a flags-typed component model value is lifted with the Val type. This occurs if bits are set outside the...
Meet Agent Val: Closing the Validation Gap in Exposure Management at Machine Speed with Agentic AI
Executive Summary The primary challenge in vulnerability management is proving what is actually exploitable. Many vulnerabilities are not exploited, but still drain resources. Traditional tools often fail to validate real risks. Agent Val, within Qualys Enterprise TruRisk Management, delivers thi...
CVE-2026-28497
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
CVE-2026-28497
TinyWeb (Delphi, Win32) before version 2.03 contains an integer overflow in the string-to-integer conversion routine (_Val) that enables an unauthenticated remote attacker to bypass Content-Length checks and perform HTTP Request Smuggling. This affects servers using persistent connections (Keep-A...
EUVD-2019-19719
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
PT-2026-22361
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
Doditsolutions Homey BNB SQL注入漏洞
Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the val parameter being susceptible to SQL injections, which may allow unverified attackers to...
EUVD-2025-80084
Malicious code in waldo-wallet-val npm...
MAL-2025-110650 Malicious code in waldo-wallet-val (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8397fb5436e0bf8164d9bfde11b73721649d47b5824daa265bac1944d2a44ee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-80148
Malicious code in val-soluble-pot npm...
Malicious code in waldo-wallet-val (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8397fb5436e0bf8164d9bfde11b73721649d47b5824daa265bac1944d2a44ee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-32826
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...
EUVD-2018-2165
Malware in sbrugna...
CVE-2022-50407
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' i...
CVE-2022-50407
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' i...
CVE-2022-50407
The CVE-2022-50407 entry concerns the Linux kernel crypto: hisilicon/qm component, where the code path allocates a small local buffer for a QoS value and uses sscanf without validating destination length, enabling a stack overflow. Public documents in connected sources confirm the issue and descr...