13002 matches found
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...
EUVD-2022-49110
Open Babel has out-of-bounds write in MOPAC translationVectors UNIT CELL TRANSLATION...
GHSA-55F6-PF8R-C2F4 Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)
Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the translationVectors array when reading the "UNIT CELL TRANSLATION" block of a crafted input file. Details The MOPAC output reader stored translation vectors from the UNIT CELL...
GHSA-F8H2-C479-VQXF Open Babel has out-of-bounds write in MSI translationVectors[]
Summary A memory-safety vulnerability in Open Babel's MSI parser allowed an out-of-bounds write into the translationVectors array when reading a crafted input file. Details The MSI reader stored cell translation vectors into a fixed-size translationVectors array. A malformed input could push more...
GHSA-MJMG-352J-F456 Open Babel has out-of-bounds write in MOPAC IN translationVectors[] (Tv atom)
Summary A memory-safety vulnerability in Open Babel's MOPAC input parser allowed an out-of-bounds write into the translationVectors array when reading Tv translation-vector atoms from a crafted input file. Details The MOPAC IN reader stored Tv-atom translation vectors into a fixed-size...
GHSA-7H6R-6P76-68C9 Open Babel has out-of-bounds write in MOPAC translationVectors[] (FINAL POINT)
Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the translationVectors array when reading the "FINAL POINT" block of a crafted input file. Details The MOPAC output reader stored translation vectors from the FINAL POINT block into a...
GHSA-JG3H-PV7C-4F9C Open Babel has out-of-bounds write in Gaussian translationVectors[]
Summary A memory-safety vulnerability in Open Babel's Gaussian output parser allowed an out-of-bounds write into the translationVectors array when reading a crafted input file. Details The Gaussian reader stored periodic-cell translation vectors into a fixed-size translationVectors array. A...
EUVD-2026-39592
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
CVE-2026-9220
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
CVE-2026-9220
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
CVE-2026-9220
The CVE-2026-9220 entry describes a vulnerability in Setracker2 Android Companion App (package com.tgelec.setracker) affecting versions 3.1.5 and earlier. The underlying issue is that requests between the wearable and backend are encrypted with static, hardcoded AES keys and initialization vector...
CVE-2026-53067
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-ep-msi: Fix error unwind and prevent double alloc pciepfallocdoorbell stores the allocated doorbell message array in epf-dbmsg/epf-numdb before requesting MSI vectors. If MSI allocation fails, the array is free...
CVE-2026-50221
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...
Gogs's write-level collaborators can mutate admin-only repository settings via API
Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions...
Important: postgresql
Issue Overview: Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores...
Exploit for CVE-2019-5513
VMware Horizon /broker/xml Vulnerability Scanner !Security...
CVE-2026-11347
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...
CVE-2025-13167
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...