Lucene search
K

16763 matches found

Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.5 views

(Pwn2Own) Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hkhappairstorageput function of the HomeKit implementation, which liste...

8.8CVSS6.2AI score0.00485EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.4 views

Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...

7.8CVSS6.2AI score0.00472EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.5 views

(Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519signopen function. The issue results from improper verification ...

6.3CVSS6.1AI score0.0029EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.6 views

(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accesso...

8.1CVSS5.8AI score0.00396EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.6 views

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of APS...

7.8CVSS6.2AI score0.00421EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of hub server URLs. By providing a crafted URL, an attacker ca...

4.4CVSS5.8AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00295EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.5 views

Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Scheduled Update feature. By providing a crafte...

4.4CVSS5.8AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...

5CVSS6.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the management console. The issue results from incorrect implementation of the...

8.1CVSS6AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Manual Update feature. By providing a crafted...

4.4CVSS5.8AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.9 views

Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00357EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.9 views

Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00544EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

7.3CVSS6.1AI score0.00226EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.6 views

LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LangChain LangGraph. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BaseCache class. The issue results from the lack of proper validation of...

8.1CVSS6.3AI score0.00698EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.8 views

Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...

9.8CVSS6.3AI score0.03754EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.5 views

Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the management console. The issue results from incorrect implementation of the...

8.1CVSS6AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.4 views

(Pwn2Own) Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Music Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updatelibraryitem method. The issue results from the lack of proper...

8.8CVSS6.3AI score0.01447EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00337EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00301EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.5 views

Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...

9.8CVSS6.3AI score0.03811EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00323EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 5814 by...

7.3CVSS6AI score0.00953EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.5 views

claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of claude-hovercraft. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the executeClaudeCode method. The issue results from the lack of...

9.8CVSS6.2AI score0.01628EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.6 views

Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration ...

7.8CVSS6.1AI score0.00238EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.7 views

(Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of WebSocket headers. The issue results fro...

6.5CVSS5.6AI score0.00348EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.5 views

(Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within device authentication. The issue results from continuing to...

5.3CVSS5.4AI score0.00401EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.7 views

(Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability

This vulnerability allows network-adjacent attackers to downgrade the communication protocol on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the discovery protocol. The issue results from the lack...

5.4CVSS5.6AI score0.00401EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.7 views

Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration ...

7.8CVSS6.1AI score0.00238EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.4 views

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of the ticket parameter provided to the collaboration endpoint. The issue resul...

7.5CVSS5.5AI score0.03929EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.6 views

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP po...

6.3CVSS5.6AI score0.00388EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.5 views

Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handli...

6.5CVSS5AI score0.00186EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/23 12:0 a.m.6 views

Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS5.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.8 views

PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrackerUpdate...

7.3CVSS6AI score0.00258EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

7.8CVSS6.3AI score0.00287EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

7.8CVSS6.3AI score0.00369EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

7.8CVSS6.2AI score0.00199EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.8 views

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The...

7.8CVSS6.2AI score0.00566EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.3 views

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The...

7.8CVSS6.2AI score0.00972EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.5 views

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The...

7.8CVSS6.2AI score0.00622EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

5.5CVSS5.8AI score0.00319EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.5 views

MLflow Use of Default Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The file contains hard-coded default credentials. An attacker can leverage...

9.8CVSS6.3AI score0.00968EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

7.8CVSS6.2AI score0.00199EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.7 views

Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

7.8CVSS6.3AI score0.00369EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.5 views

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. Th...

7.8CVSS6.2AI score0.0062EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

7.8CVSS6.2AI score0.00199EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of plugins...

7CVSS6.2AI score0.00252EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.8 views

Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS6.2AI score0.00214EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/18 12:0 a.m.7 views

Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.2AI score0.00215EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/18 12:0 a.m.8 views

Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.2AI score0.00211EPSS
Exploits0References1
Total number of security vulnerabilities16763