
60344 matches found

NVD
added 2026/03/31 12:16 p.m. | views: 1

CVE-2026-27853

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

CVSS 7.5 | EPSS 0.00489
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/31 12:4 p.m. | views: 1

CVE-2026-27853

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

CVSS 5.9 | AI score 5.9 | EPSS 0.00489
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/31 12:4 p.m. | views: 21

CVE-2026-27853 Out-of-bounds write when rewriting large DNS packets

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

CVSS 5.9 | EPSS 0.00489
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/31 12:4 p.m. | views: 2

CVE-2026-27853 Out-of-bounds write when rewriting large DNS packets

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

CVSS 5.9 | AI score 5.9 | EPSS 0.00489
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/31 11:17 a.m. | views: 4

CVE-2026-32976

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

CVSS 7.1 | AI score 6 | EPSS 0.00194
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/31 10:59 a.m. | views: 3

CVE-2026-4415

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

CVSS 9.2 | AI score 6.5 | EPSS 0.00652
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/31 8:41 a.m. | views: 2

CVE-2025-10559

A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server...

CVSS 7.1 | AI score 5.9 | EPSS 0.00271
Exploits: 0 | References: 2

NVD
added 2026/03/31 1:16 a.m. | views: 5

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVSS 7.2 | EPSS 0.01049
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/31 12:45 a.m. | views: 2

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVSS 7.2 | AI score 6.4 | EPSS 0.01049
Exploits: 1 | References: 3

Cvelist
added 2026/03/31 12:45 a.m. | views: 22

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVSS 7.2 | EPSS 0.01049
Exploits: 1 | References: 3

CVE
added 2026/03/31 12:45 a.m. | views: 16

CVE-2026-30940

CVE-2026-30940 affects baserCMS prior to version 5.2.3. A path traversal flaw exists in the theme file management API at /baser/api/admin/bc-theme-file/theme_files/add.json, allowing an authenticated administrator to inject ../ sequences in the path and create a PHP file outside the theme directo...

CVSS 7.2 | AI score 6.5 | EPSS 0.01049
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/03/31 12:45 a.m. | views: 2

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVSS 7.2 | AI score 6.5 | EPSS 0.01049
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/03/31 12:45 a.m. | views: 3

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVSS 7.2 | AI score 6.4 | EPSS 0.01049
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/31 12:0 a.m. | views: 3

PT-2026-29452

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.178. Description: An integer overflow existed in the Codecs component of Google Chrome. This allowed a remote attacker to potentially perform arbitrary read/write operations through a specially crafted...

CVSS 9.6 | AI score 6.1 | EPSS 0.05036
Exploits: 0 | References: 32

CNVD
added 2026/03/31 12:0 a.m. | views: 3

Siemens SICAM 8 product suffers from an out-of-bounds write vulnerability

The SICAM A8000 RTU Remote Terminal Unit is a modular device for remote control and automation applications in all areas of energy supply. SICAM EGS Enhanced Grid Sensors is a gateway for local substations in the distribution network. The SICAM S8000 offers RTU functionality, PLCs, and communicatio...

CVSS 8.7 | AI score 5.8 | EPSS 0.00358
Exploits: 1

CNNVD
added 2026/03/31 12:0 a.m. | views: 6

Google Chrome security vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability caused by a codec integer overflow, which could allow arbitrary read and write operations to be executed through specially crafted HTML pag...

CVSS 8.8 | AI score 5.9 | EPSS 0.00336
Exploits: 0 | References: 3

FreeBSD
added 2026/03/31 12:0 a.m. | views: 5

DNSdist -- vulnerabilities

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports:
- CVE-2026-0396: HTML injection in the web dashboard
- CVE-2026-0397: Information disclosure via CORS misconfiguration
- CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua
- CVE-2026-24029: DN...

CVSS 8.2 | AI score 5.8 | EPSS 0.01028
Exploits: 0 | References: 1

CNNVD
added 2026/03/31 12:0 a.m. | views: 5

trino security vulnerability

Trino is a distributed SQL query engine developed by Trino in open source. There were security vulnerabilities in versions 439 to 480 of Trino. These vulnerabilities stemmed from static or temporary credentials in the Iceberg connector’s REST directory, which could be accessed by users with...

CVSS 7.7 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 2

CNNVD
added 2026/03/31 12:0 a.m. | views: 6

Dassault Systèmes DELMIA Factory Resource Manager security vulnerability

Dassault Systèmes DELMIA Factory Resource Manager is a manufacturing execution software developed by Dassault Systèmes, a French company, used for modeling factory resources and planning production processes. The Dassault Systèmes DELMIA Factory Resource Manager versions from 3DEXPERIENCE R2023x ...

CVSS 9.1 | AI score 6 | EPSS 0.00271
Exploits: 0 | References: 1

CNNVD
added 2026/03/31 12:0 a.m. | views: 8

Google Chrome security vulnerability

Google Chrome is a web browser from Google, an American company. An integer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE component to properly validate the length size of input data, which can be exploited ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 3