Overview A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA...
Read MoreOverview Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized...
Read MoreOverview An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges. Description TOTOLINK manufactures routers and other networking equipment designed for small...
Read MoreOverview PCI Express Integrity and Data Encryption (PCIe IDE), introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were...
Read MoreOverview Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can...
Read MoreOverview nopCommerce, an ecommerce platform, fails to invalidate session cookies upon user logout or session termination, enabling attackers to use the captured cookie to gain access to the application. This vulnerability is...
Read MoreOverview The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such...
Read MoreOverview Retell AI’s API creates AI voice agents that have excessive permissions and functionality, as a result of insufficient amounts of guardrails. As a result, attackers can exploit this and conduct large scale social...
Read MoreOverview Fluent Bit is a logging and metrics processor and forwarder that is used in a variety of cloud and container networking environments. Several vulnerabilities in Fluent Bit have been discovered that could allow for...
Read MoreOverview A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these...
Read MoreOverview Wolfram Cloud version 14.2 allows Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration,...
Read MoreOverview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules....
Read More