366102 matches found
CVE-2025-70102
CVE-2025-70102 describes a NULL pointer dereference in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 during option parsing (parse_option in src/if-options.c:1886). The issue occurs when a NULL pointer of type struct dhcp_opt is accessed after an unexpected/invalid option token or parsing state y...
CVE-2026-36521
Technical details are not publicly available in the provided documents. Monitor for updates on PublicCMS V5.202506.d XSS in the site configuration management module.
CVE-2026-50877
CVE-2026-50877 affects Zhoros SuperBin v1.0.0. An attacker can trigger a directory traversal by supplying files whose names include traversal characters, potentially impacting file handling on the affected system. The vulnerability is reported with network attack vector, low complexity, no privil...
CVE-2026-50878
CVE-2026-50878 affects Feuerhamster MailForm v1.1.0 in its attachment handling component. The issue allows a crafted request to trigger a Denial of Service (DoS). CVSS v3.1 base score 7.5 (HIGH): Network attack vector, no privileges required, no user interaction, and impact limited to availabilit...
CVE-2026-50887
The provided documents confirm a Server-Side Request Forgery (SSRF) vulnerability in shlink v5.0.1. The flaw resides in the automatic short URL title resolution component and is exploitable by supplying a crafted longUrl, enabling an attacker to scan internal resources. No concrete remediation de...
CVE-2025-55661
Summary: CVE-2025-55661 concerns GPAC MP4Box v2.4, specifically its Opus audio stream parser. The issue is a heap buffer overflow in parsing Opus data, which can be triggered by processing a crafted MP4 file and may cause a Denial of Service. The threat is assessed locally (attack vector: local) ...
CVE-2025-55648
GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_opus_parse_packet_header (media_tools/av_parsers.c) that can cause a Denial of Service when a crafted MP4 file is processed. This is a DoS by exploiting a memory-protection flaw in the parser; CVSS notes a local attack with user interac...
CVE-2025-55650
GPAC MP4Box v2.4 is affected by a heap use-after-free in gf_node_get_tag (scenegraph/base_scenegraph.c) that enables Denial of Service via crafted MP4 files. Impact: availability DoS. Root cause: heap use-after-free. Affected component: GPAC MP4Box 2.4; vulnerability location: gf_node_get_tag in ...
CVE-2025-55645
GPAC MP4Box v2.4 is affected by a heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c). The issue can lead to Denial of Service when processing a crafted MP4 file. Affected component/file and root cause are stated in multiple sources; explicit exploit details or in-the-wi...
CVE-2026-50885
CVE-2026-50885 concerns Sismics Docs (Teedy) with version v1.11, where an incorrect access control flaw in the share-based read endpoints enables unauthorized attackers to access sensitive endpoints via a crafted request. The related advisories consistently describe limited information about root...
CVE-2025-55647
The CVE-2025-55647 entry concerns GPAC MP4Box v2.4. The vulnerability is an Out-of-Memory in mp4_mux_cenc_insert_pssh (filters/mux_isom.c) that allows a crafted MP4 file to cause a Denial of Service. Affected component is the mp4_mux_cenc_insert_pssh function; the root cause is memory exhaustion ...
CVE-2025-68713
Rakuten Send Anywhere for Android (com.estmob.android.sendanywhere, version 23.2.9) is affected. A vulnerability allows untrusted applications with no permissions to trigger arbitrary file downloads into the app’s scoped storage, with downloaded items appearing in the app’s trusted Received inter...
CVE-2026-50886
Summary: CVE-2026-50886 describes an access-control flaw in the webhook management component of Project Firefly III (version 6.5.9). The root cause is an incorrect access-control implementation, enabling an attacker to scan internal resources by sending a crafted POST request. Affected software: ...
CVE-2025-55652
GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_isom_vp_config_new (isomedia/avc_ext.c), enabling DoS via a crafted MP4 file. This is documented across multiple sources (CVE-2025-55652, EUVD-2025-210150, NVD, CVELIST, etc.). The vulnerability details specify the vulnerable function a...
CVE-2025-55663
GPAC MP4Box v2.4 is affected by a vulnerability in Track_SetStreamDescriptor (isomedia/track.c) where a malformed MP4 file can trigger a segmentation fault, leading to Denial of Service. The issue is caused by a segmentation violation inside Track_SetStreamDescriptor, enabling DoS via crafted inp...
CVE-2026-50872
The CVE-2026-50872 entry affects fossar selfoss v2.20-SNAPSHOT, with a vulnerability in the loopback request handling component that could allow arbitrary command execution and leakage of sensitive data via a crafted HTTP request. The issue is described across multiple sources (NVD/ENISA/CVE list...
CVE-2026-50876
The CVE-2026-50876 issue affects Deck9 Input v2.0.1 and is described as a cross-site scripting (XSS) vulnerability that allows attackers to run arbitrary web scripts or HTML via a crafted payload. The documented impact is limited to client-side script execution with low to moderate risk according...
CVE-2025-55660
The connected EUVD entry confirms a stack overflow in the function gf_opus_read_length (file media_tools/av_parsers.c ) of GPAC MP4Box v2.4 , enabling a Denial of Service (DoS) when processing a crafted MP4 file. The same CVE ID (CVE-2025-55660) is echoed across multiple sources (NVD, CVE lists, ...
CVE-2026-30121
The CVE refers to CVE-2026-30121 affecting Remotion v4.0.409, describing an arbitrary file write vulnerability. The connected sources consistently identify the issue as arbitrary file write in Remotion, but none provide concrete technical details such as vulnerable component/trigger, root cause, ...
CVE-2026-45390
CVE-2026-45390 affects OCaml-tar before 3.4.0. A crafted archive containing "../" segments in file names can escape the extraction directory, allowing arbitrary file writes outside the target path when decompression is reachable. The OSV/ENISA reports show the vulnerable function uses Filename.co...
CVE-2026-45389
Summary (OCaml-TLS CVE-2026-45389): OCaml-TLS versions before 2.1.0 fail to properly validate KeyUsage and ExtendedKeyUsage on client certificates during mutual TLS, allowing impersonation with certificates intended for server authentication. The issue arises in the server-side certificate valida...
CVE-2026-50883
CVE-2026-50883 refers to an HTML injection in the matze wastebin project (v3.4.1) affecting the internal component /src/highlight.rs . The root cause is not explicitly detailed beyond mention of HTML injection via a crafted payload, leading to arbitrary script execution. The vulnerability is rate...
CVE-2026-39118
Kandji Agent from Iru, Inc. (pre-4.7.5(5374)) contains a local privilege-escalation flaw driven by a client-validation gap that allows a local attacker to invoke restricted agent functionality. The CVSS metrics indicate HIGH impact across confidentiality, integrity, and availability with LOCAL at...
CVE-2026-38064
Affected product: Tenda 5G03 V05.03.02.04 (Version 1.0). Vulnerability: command injection in the function action_dial_call via the dialNumber parameter. Root cause/detail: not explicitly described beyond the command injection vector; connected sources confirm the same description across EUVD-2026...
CVE-2026-12197
The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...
CVE-2026-12193
VS Revo RevoUninstaller 2.5.x/2.6.x contains a heap-based overflow in IOCtl_Handler of RevoDetector.sys (IOCTL Handler). The vulnerability enables a local attack and is supported by publicly available exploit material. Upgrading to version 2.7.0 fixes the issue. If you rely on affected builds, ap...
CVE-2026-12192
GALAYOU Y4 Web Server 1.0.0 is affected by a buffer overflow in an unspecified Web Server function. The flaw enables local-network exploitation with no authentication required and affects confidentiality, integrity, and availability. Public exploit details are indicated in the CVE context, and th...
CVE-2026-12191
CVE-2026-12191 affects Comma AI Openpilot 0.11. The issue is a deserialization vulnerability in the pickle.loads/pickle.load usage inside selfdrive/modeld/modeld.py (Pickle Module). Exploitation requires local access. The CVSS metrics indicate high impact (confidentiality, integrity, availability...
CVE-2026-12190
The CVE-2026-12190 entry concerns Genspark AI Workspace App version 2.8.4 on Android, affecting the ai.mainfunc.genspark component. The issue is described as improper authorization in the handler for a custom URL scheme, with exploitation limited to a local environment. The provided documents do ...
CVE-2026-12189
The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...
CVE-2026-12188
Affected software: Grit42 Grit (up to 0.11.0). Vulnerable component: grit_entity_controller.rb (modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb) within GritEntityController. Issue: SQL injection triggered by manipulating a function in the controller; described as...
CVE-2026-12187
CVE-2026-12187 affects GL.iNet GL‑MT3000 devices running firmware up to 4.4.5. The vulnerability is in an unknown function of the /usr/bin/one_click_upgrade component (Online Firmware Upgrade Handler) that allows remote command injection. Public disclosure and PoC details are indicated; exploitat...
CVE-2026-12186
GL.iNet GL-MT3000 is affected up to firmware 4.4.5. The vulnerability resides in the Tor Proxy Service Configuration Handler, specifically the replace_country function in the library /usr/lib/oui-httpd/rpc/tor, where input manipulation enables remote command injection. The issue can be exploited ...
CVE-2026-54413
driftregion iso14229 up to 0.9.0 has an integer underflow in Handle_0x27_SecurityAccess() that enables a remote unauthenticated attacker to crash a UDS server and possibly read memory beyond the receive buffer by sending a 0x27 SecurityAccess request after a prior well-formed 0x27 message. The co...
CVE-2026-54412
CVE-2026-54412 affects LiamBindle MQTT-C up to v1.1.6. The vulnerability is a heap-based out-of-bounds read and integer underflow in mqtt_unpack_publish_response() (src/mqtt.c). A broker-controlled or injected PUBLISH packet can allow a remote unauthenticated attacker to crash a subscribed MQTT-C...
CVE-2026-54411
Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...
CVE-2026-54410
nanoMODBUS (through v1.23.0) contains an off-by-one buffer overflow in the recv_msg_header() of the Modbus/TCP server. An unauthenticated remote attacker can craft an MBAP Length=255 to force writing one attacker-controlled byte past the 260-byte receive buffer, corrupting the adjacent state stru...
CVE-2026-11527
CVE-2026-11527 affects Perl Config::IniFiles prior to 3.001000. The vulnerability arises when _make_filehandle opens the -file argument with Perl’s 2-arg open(); untrusted input passed to -file can be treated as a command or redirect (e.g., starting/ending with |, or >/>>), enabling OS c...
CVE-2026-11526
The CVE-2026-11526 issue affects GD for Perl (versions before 2.86). The vulnerability lies in GD::Image::_make_filehandle, which uses a 2-arg open() on filename arguments, causing any filename starting/ending with a pipe or redirect to be executed as a command or redirected, leading to OS comman...
CVE-2025-15546
The CVE-2025-15546 entry concerns the Iptanus File Upload WordPress plugin (pre-5.1.7). A TOCTOU race condition between the file existence check and the actual write operation, when the duplicatepolicy is set to “maintain both,” allows an authenticated attacker to overwrite files uploaded by othe...
CVE-2026-54421
CVE-2026-54421 affects OpenStack Ironic (through 35.0.1). A PATCH to update fields in volume properties, restricted to the user’s permissions, can disclose unredacted sensitive information (e.g., iSCSI credentials). The PATCH outcome is identified as a security issue; the POST outcome is not. Thi...
CVE-2026-54420
CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...
CVE-2026-12176
SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 contains a cross-site scripting (XSS) vulnerability in an unknown function of the file /index.php when the action parameter is manipulated. The attack is remote and has been publicly disclosed . Exploit maturity is label...
CVE-2026-12175
CodeAstro Student Attendance Management System 1.0 is affected. The vulnerability resides in /attendance-php/Admin/createStudents.php where manipulating the admissionNumber parameter enables an SQL injection. It supports remote exploitation and the exploit is public. No remediation or patch detai...
CVE-2026-12174
CVE-2026-12174 affects D-Link DCS-935L firmware 1.10.01. The vulnerability is in the HTTP Handler’s function snprintf used by /web/cgi-bin/greece/rhea, allowing format-string manipulation. This can enable a remote attacker to exploit the flaw; public exploits have been disclosed. The available do...
CVE-2026-12183
CVE-2026-12183 affects Nefteprodukttekhnika BUK TS-G Gas Station Automation System versions 2.9.1–2.10.2 on Linux. The vulnerability is an improper authentication (CWE-287) in the system configuration module: the /php/ajax-login.php endpoint can return userid=1 (administrator) for any HTTP POST w...
CVE-2026-6428
CVE-2026-6428 describes an SQL injection in Koha’s reports/catalogue_out.pl up to versions 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00. The vulnerability arises from a vulnerable sink that concatenate...
CVE-2026-5513
The Bookly WordPress plugin (Online Scheduling and Appointment Booking System) is vulnerable to Stored XSS in versions up to 27.2 via the bookly-customer-full-name cookie due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary scripts that execut...
CVE-2026-11624
The CVE-2026-11624 entry concerns the Model Context Protocol server where origin validation of the Origin header affects DNS rebinding risk. Before v0.25.0 there was no host validation; v0.25.0 introduces --allowed-hosts and --allowed-origins flags to specify permitted hosts at startup. Both flag...
CVE-2026-1291
CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...