Overview An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges. Description TOTOLINK manufactures routers and other networking equipment designed for small...
Read MoreOverview PCI Express Integrity and Data Encryption (PCIe IDE), introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were...
Read MoreOverview Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can...
Read MoreOverview nopCommerce, an ecommerce platform, fails to invalidate session cookies upon user logout or session termination, enabling attackers to use the captured cookie to gain access to the application. This vulnerability is...
Read MoreOverview The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such...
Read MoreOverview Retell AI’s API creates AI voice agents that have excessive permissions and functionality, as a result of insufficient amounts of guardrails. As a result, attackers can exploit this and conduct large scale social...
Read MoreOverview Fluent Bit is a logging and metrics processor and forwarder that is used in a variety of cloud and container networking environments. Several vulnerabilities in Fluent Bit have been discovered that could allow for...
Read MoreOverview A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these...
Read MoreOverview Wolfram Cloud version 14.2 allows Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration,...
Read MoreOverview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules....
Read MoreOverview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow...
Read MoreOverview Email message header syntax can be exploited to bypass authentication protocols such as SPF, DKIM, and DMARC. These exploits enable attackers to deliver spoofed emails that appear to originate from trusted sources....
Read More