3702 matches found
HP Tru64 UNIX "lprm" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lprm" contains a locally exploitable buffer overflow. Description "lprm" is used to remove requests from a printer spool queue. A locally exploitable buffer overflow in "lprm" may permit a local attacker to gain elevated privileges and execute arbitra...
HP Tru64 UNIX "ypmatch" contains buffer overflow (SSRT2277)
Overview The HP Tru64 UNIX implementation of "ypmatch" contains a locally exploitable buffer overflow. Description "ypmatch" is used to print the value of keys from an NIS map. A locally exploitable buffer overflow in ypmatch may permit a local attacker to gain elevated privileges and execute...
Microsoft WinRE allows for bypass of UEFI/BIOS password enforcement
Overview Microsoft Windows Recovery Environment WinRE provides a mechanism for recovering and repairing Windows systems using an alternate boot environment. Under certain platform implementations, access to WinRE may allow an attacker to bypass firmware security controls, including...
crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraints
Overview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key security feature...
Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser
Overview Radware Alteon has a reflected Cross-Site Scripting XSS vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description CVE-2026-5754: Reflected Cross-Site Scripting XSS vulnerability in...
SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization
Overview Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system. SGLang is a serving framework for large language models LLMs and...
Retraction of "Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed ZIP archives"
Overview Malformed ZIP headers can be used to obfuscate malicious content in ZIP files from antivirus detection tools. Despite the presence of malformed headers, custom extraction software can decompress the ZIP archive, allowing potentially malicious payloads to be recovered after successful...
A flawed TLS handshake implementation affects Viber Proxy in multiple platforms
Overview The Rakuten Viber messaging app for Android V25.7.2.0g and Windows V25.6.0.0-V25.8.1.0, has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description...
MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE
Overview A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...
TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service
Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...
Cross-site scripting vulnerability in Lectora course navigation
Overview Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting XSS vulnerability in courses published with Seamless Play Publish SPP enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...
Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read
Overview LangChainGo, the Go implementation of LangChain, a large language model LLM application building framework, has been discovered to contain an arbitrary file read vulnerability. The vulnerability, tracked as CVE-2025-9556, allows for arbitrary file read through the Gonja template engine...
SMM Memory Corruption Vulnerability in the AMI Aptio's SMM Module Across Multiple Devices
Overview System Management Mode SMM memory corruption vulnerabilities have been identified in UEFI modules present in AMI Aptio UEFI firmware. An attacker could exploit this vulnerability to elevate privileges and execute arbitrary code in the highly privileged SMM environment. Users should apply...
Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default
Overview Digigrams PYKO-OUT audio-over-IP AoIP product is used for audio decoding and intended for various uses such as paging, background music, live announcements and others. It has hardware compatibility with two analog mono outputs and a USB port for storing local playlists. The product does...
UMN Gopher vulnerable to buffer overflow via overly long "+VIEWS:"
Overview The University of Minnesota Gopher client may be vulnerable to a buffer overflow when handling overly long "+VIEWS:" reply messages sent from a malicious server. Description The UMN Gopher suite includes a Gopher client for navigating Gopherspace. However, the Gopher client may incorrect...
Cisco IOS embedded call processing solutions contain unspecified DoS vulnerability
Overview An unspecified error in Cisco Internetwork Operating System IOS could allow a remote attacker to cause a denial of service. Description Cisco IOS is a very widely deployed network operating system. IOS release trains 12.1YD, 12.2T, 12.3, and 12.3T, when configured for the IOS Telephony...
HP Tru64 UNIX "dxpause" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "dxpause" contains a locally exploitable buffer overflow. Description "dxpause" is used to lock a display. A locally exploitable buffer overflow in "dxpause" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Multiple file parsing vulnerabilities in FastStone Image Viewer 8.3.0.0
Overview Two vulnerabilities have been identified in FastStone Image Viewer 8.3 that may allow remote code execution or control-flow corruption when processing specially crafted image files. The affected components include the JPEG 2000 JP2 parser and the PSD file parser. An attacker can exploit...
Hard coded credentials vulnerability in GoHarbor's Harbor
Overview GoHarbor's Harbor default admin password presents a security risk because it does not require change upon initial deployment. Description GoHarbor's Harbor is an open-source OCI-compliant container registry project that stores, signs, and manages container images. Harbor initializes with...
Graphql-upload-minimal has a prototype pollution vulnerability.
Overview Version 1.6.1 of the Flash Payments package graphql-upload-minimal is vulnerable to prototype pollution. This vulnerability, located in the processRequest function, allows an attacker to inject special property names into the operations.variables object and pollute global object...
CASL Ability contains a prototype pollution vulnerability
Overview A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields function in the extra module. The program’s library contains a method called setByPath that does not properly sanitize property names, allowing attackers to add...
dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file
Overview drflac, an open-source FLAC audio decoder, part of the drlibs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service DoS when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses drflac a...
Code injection vulnerability in binary-parser library
Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public...
Vulnerable Python version used in Forcepoint One DLP Client
Overview A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. By reconstructing the ctypes FFI environment and applying a version-header patch to the ctypes.pyd module, an attacker can restore...
Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability
Overview Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized access or prolonged access to protected resources, even after an account...
Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification
Overview PCI Express Integrity and Data Encryption PCIe IDE, introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were identified in the IDE specification that could allow an attacker with local...
Fluent Bit contains five vulnerabilities, including stack buffer overflow, auth bypass, and path traversal
Overview Fluent Bit is a logging and metrics processor and forwarder that is used in a variety of cloud and container networking environments. Several vulnerabilities in Fluent Bit have been discovered that could allow for authentication bypass, remote code execution RCE and denial of service DoS...
Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation
Overview Wolfram Cloud version 14.2 allows Java Virtual Machine JVM unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary...
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution
Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...
Multiple Password Managers Vulnerable to Clickjacking Attacks
Overview Browser-extension password managers, which autofill sensitive information on websites, can be exposed to various clickjacking attacks. These attacks exploit the trust relationship between a web page and the user-interface elements injected by the extension. Recent studies show that...
TP-Link Archer C50 router is vulnerable to configuration-file decryption
Overview The TP-Link Archer C50 router, which has reached End-of-Life EOL, contains a hardcoded encryption key in its firmware, enabling decryption of sensitive configuration files. This vulnerability allows attackers to trivially access administrative credentials, Wi-Fi passwords, and other...
PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)
Overview PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, potentially achieving arbitrary code execution. In response, SinaptikAI has implemented...
Tenda firmware (multiple versions) contains hidden authentication backdoor
Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain ful...
TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet
Overview An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges. Description TOTOLINK manufactures routers and other networking equipment designed for small businesses and home implementations. The AX1800 routers are popular with users...
Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read
Overview Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can cause the tool to either crash or cause it to disclose portions of memor...
Insufficient Session Cookie Invalidation in nopCommerce ASP.NET Core eCommerce Platform
Overview nopCommerce, an ecommerce platform, fails to invalidate session cookies upon user logout or session termination, enabling attackers to use the captured cookie to gain access to the application. This vulnerability is extremely similar to CVE-2019-7215. The session cookie can be obtained...
Forge JavaScript library impacted by a vulnerability in signature verification.
Overview The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code MAC data, was identified. Users of the...
Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function
Overview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules. Description Two vulnerabilities were identified Lite XL: CVE-2025-121...
Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard
Overview Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot...
NPM supply chain compromise exposes challenges to securing the ecosystem from credential theft and self-propagation
Overview A major npm supply chain compromise was disclosed by the software supply chain security company Socket on September 15, 2025. At the time of writing, over 500 packages have been affected, and the number continues to grow. The attack involves a self-propagating malware variant dubbed...
Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication mechanism
Overview The Amp’ed RF BT-AP 111 Bluetooth Access Point exposes an HTTP-based administrative interface without authentication controls. This allows an unauthenticated remote attacker to gain full administrative access to the device. Description The Amp’ed RF BT-AP 111 is a Bluetooth-to-Ethernet...
Sun Java System Portal Server fails to properly handle changes to display options
Overview There is a vulnerability in the Sun Java System Portal Server, which could allow a remote, authenticated user to gain access to the administrative credentials of the Calendar server. Description The Sun Java System Portal Server is a content management system that provides centralized...
PayRange Android app version 7.0.7 contains multiple vulnerabilities
Overview PayRange is a mobile payment app that allows users to pay for vending machines, laundromats, and other unattended machines using a smartphone with Bluetooth. Two vulnerabilities were discovered in version 7.0.7 of the PayRange app that is available in the Google Play store. Description A...
Multiple local privilege escalation vulnerabilities in Little Orbits GameFirst Anti-Cheat
Overview The GamersFirst Anti-Cheat GFAC driver GFAC.sys contains multiple local privilege escalations and denial-of-service vulnerabilities stemming from insecure handling of user-controlled input through a minifilter communication port. A local attacker can abuse these flaws to perform arbitrar...
Vendor-signed UEFI applications found vulnerable to Secure Boot bypass
Overview Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" BYOVD-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...
DNS Rebinding and Manipulating CORS Headers Enables Exfiltration of Information
Overview A vulnerability in cross-origin resource sharing CORS headers in Chromium, Google Chrome, Microsoft Edge, Safari, and Firefox enables the CORS policy to be manipulated. Combined with a DNS rebind, an attacker can send arbitrary requests to services listening on arbitrary ports regardless...
Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface
Overview A remote code execution RCE vulnerability was discovered through the EasyVPN and LAN web administration interface of Vigor routers by Drayteck. A script in the LAN web administration interface uses an unitialized variable, allowing an attacker to inject arbitrary commands through memory...
Elevated Privileges and Arbitrary Code Execution issues in Sunshine for Windows v2025.122.141614
Overview Two local security vulnerabilities have been identified in Sunshine for Windows, version v2025.122.141614 and likely prior versions. These issues could allow attackers to execute arbitrary code and escalate privileges on affected systems. Description Sunshine is a self-hosted game stream...
Xerte Online Toolkit contains an authentication bypass that allows for RCE
Overview Two vulnerabilities have been discovered in Xerte Online Toolkits, an open-source e-learning authoring toolsuite intended for the creation of learning materials within a web browser. CVE-2026-14261 tracks the persistence of the /setup/ directory after installation, which allows an...
Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls
Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...