Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect initialization of iterator data by the radiotap parser. This could lead to the use ...

CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

CVE-2019-25629

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...

CVE-2026-4736

Improper Handling of Values vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules. This vulnerability is associated with program files nftables.H‎, nftbyteorder.C‎, nftmeta.C‎. This issue affects Echo-Mate: before V250329...

iCalendar has ICS injection via unsanitized URI property values

Summary .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding arbitrary calendar lines to the output. Details Icalendar::Values::Uri falls back to the raw input string when URI.parse fails and later serializes it with...

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLim...

GO-2026-4784 Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values in github.com/mattermost/mattermost-plugin-msteams

Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values in github.com/mattermost/mattermost-plugin-msteams...

CVE-2019-25611

CVE-2019-25611 affects MiniFtp (miniftpd). The vulnerability is a stack buffer overflow in the function parseconf_load_setting triggered by oversized configuration values in miniftpd.conf (values >128 bytes). This can allow a local attacker to execute arbitrary code with root privileges. The i...

CVE-2019-25611 MiniFtp parseconf_load_setting Buffer Overflow via Configuration

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

CVE-2019-25611 MiniFtp parseconf_load_setting Buffer Overflow via Configuration

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

CVE-2019-25611

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

PT-2026-26999

MiniFtp contains a buffer overflow vulnerability in the parseconf load setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwri...

MiniFtp 缓冲区错误漏洞

MiniFtp is a lightweight FTP server software developed by Arvin’s individual developer. MiniFtp has a buffer error vulnerability, which stems from a buffer overflow in the parseconfloadsetting function. This vulnerability could allow local attackers to execute arbitrary code by providing...

PT-2026-26914

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler SEH chain corruption. Attackers can craft a malicious input string with 268 bytes of...

PT-2026-26947

Name of the Vulnerable Software and Affected Versions WordPress Import and export users and customers plugin versions up to and including 1.29.7 Description The Import and export users and customers plugin for WordPress is susceptible to privilege escalation. This occurs because the save extra us...

CVE-2026-21732

CVE-2026-21732 affects the GPU shader compiler path used by Imagination Graphics DDK in various disclosures. The issue is described as an out-of-bounds write crash triggered by unusual GPU shader code, specifically when a web page contains shader input that is loaded into the GPU compiler process...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the setderivedvalues function of the picparameterset component when processing a malformed H.265 PPS NAL unit. An attacker can cause a segmentation fault and crash the application by supplying specially...

UBUNTU-CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

EUVD-2026-13639

Qwik City has array method pollution in FormData processing allows type confusion and DoS...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Range or Values summarizer, which renders raw database values without escaping HTML. An attacker can execute arbitrary HTML or JavaScript in the context of affected users by injecting malicious content...