1630 matches found
Intelbras WIN 300/WRN 342 - Credentials Disclosure
Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code. id: CVE-2021-3017 info: name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description:...
CVE-2026-59856
Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...
CVE-2026-29007
CVE-2026-29007 affects U-Boot (versions up to 2026.04-rc3) with CONFIG_PROT_TCP enabled. The issue is an out-of-bounds read in tcp_rx_state_machine() (net/tcp.c) triggered by a crafted IP packet whose total length and TCP data offset fields are mismatched, e.g., IP length 40 bytes and TCP header ...
CVE-2026-7828
UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...
CVE-2026-46655
A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap...
Malicious Package
Overview ecto-spirit-win-k4n8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in ecto-spirit-win-k4n8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8082c12f69dfbb45e83017fa0baf4f88f9500649dd443e80f2d7d4f858020814 The package ships a postinstall.js that imports childprocess and references HTTP GET and hostname operations. Without traced-code corroboration of ho...
Malicious code in ecto-win-flag-q2m7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6344042aff547b32cf30bc456be25e1229f921217ec0d6777f470174df10792 On npm install, postinstall.js executes a harvest-and-exfiltrate chain against the installer's machine. It reads files under /app, /root, and...
Malicious Package
Overview ecto-win-flag-q2m7 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-5692 Malicious code in ecto-win-flag-q2m7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6344042aff547b32cf30bc456be25e1229f921217ec0d6777f470174df10792 On npm install, postinstall.js executes a harvest-and-exfiltrate chain against the installer's machine. It reads files under /app, /root, and...
MAL-2026-5691 Malicious code in ecto-spirit-win-k4n8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8082c12f69dfbb45e83017fa0baf4f88f9500649dd443e80f2d7d4f858020814 The package ships a postinstall.js that imports childprocess and references HTTP GET and hostname operations. Without traced-code corroboration of ho...
CVE-2026-45601
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-42911
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-42911
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-34335
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
CVE-2026-45601 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...
CVE-2026-34335 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
PT-2026-47865
Name of the Vulnerable Software and Affected Versions Windows Ancillary Function Driver for WinSock affected versions not specified Description A use after free issue in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Use after free i...