CVE-2026-24819 - An out-of-memory (OOM) issue in foxinmy/weixin4j
CVE ID : CVE-2026-24819
Published : Jan. 27, 2026, 9:15 a.m. | 2 hours, 44 minutes ago
Description : Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects weixin4j.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24820 - A stack overflow vulnerability in turanszkij/WickedEngine
CVE ID : CVE-2026-24820
Published : Jan. 27, 2026, 9:15 a.m. | 2 hours, 44 minutes ago
Description : Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705.
Severity: 5.1 | MEDIUM
CVE-2026-24821 - A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.
CVE ID : CVE-2026-24821
Published : Jan. 27, 2026, 9:15 a.m. | 2 hours, 44 minutes ago
Description : Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C. This issue affects WickedEngine: through 0.71.727.
Severity: 9.3 | CRITICAL
CVE-2026-24822 - A heap-based buffer overflow vulnerability in ttttupup/wxhelper via src/mongoose.
CVE ID : CVE-2026-24822
Published : Jan. 27, 2026, 9:15 a.m. | 2 hours, 44 minutes ago
Description : Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.
Severity: 10.0 | CRITICAL
CVE-2026-24823 - A heap-based buffer over-read or buffer overflow vulnerability in FASTSHIFT/X-TRACK
CVE ID : CVE-2026-24823
Published : Jan. 27, 2026, 9:15 a.m. | 2 hours, 44 minutes ago
Description : Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7.
Severity: 10.0 | CRITICAL
CVE-2026-24824 - An XSS in yacy/yacy_search_server
CVE ID : CVE-2026-24824
Published : Jan. 27, 2026, 9:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in yacy yacy_search_server (source/net/yacy/http/servlets modules). This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacy_search_server.
Severity: 6.9 | MEDIUM
CVE-2026-24825 - A memory leak in ydb-platform/ydb when using the yajl_tree_parse function from the src/yail module, which will cause an out-of-memory condition in the server and a crash.
CVE ID : CVE-2026-24825
Published : Jan. 27, 2026, 9:15 a.m. | 2 hours, 44 minutes ago
Description : Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C. This issue affects ydb: through 24.4.4.2.
Severity: 6.9 | MEDIUM
CVE-2026-1467 - libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured
CVE ID : CVE-2026-1467
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.
Severity: 6.1 | MEDIUM
CVE-2026-21417 - Dell CloudBoost Virtual Appliance Plaintext Storage of Password Elevation of Privileges
CVE ID : CVE-2026-21417
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity: 7.0 | HIGH
CVE-2026-24345 - Cross-Site Request Forgery in EZCast Pro II Dongle
CVE ID : CVE-2026-24345
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI
Severity: 6.8 | MEDIUM
CVE-2026-24346 - Use of well-known default credentials in EZCast Pro II Dongle
CVE ID : CVE-2026-24346
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application
Severity: 7.6 | HIGH
CVE-2026-24347 - Arbitrary file write to /tmp directory in EZCast Pro II Dongle
CVE ID : CVE-2026-24347
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory
Severity: 5.7 | MEDIUM
CVE-2026-24348 - Multiple cross-site scripting vulnerabilities in EZCast Pro II Dongle
CVE ID : CVE-2026-24348
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
Severity: 7.4 | HIGH
CVE-2026-24826 - Out-of-bounds write in turso3d
CVE ID : CVE-2026-24826
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d. This issue affects .
Severity: 10.0 | CRITICAL
CVE-2026-24827 - Out-of-bounds write in Commander-Genius
CVE ID : CVE-2026-24827
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Out-of-bounds Write vulnerability in gerstrong Commander-Genius. This issue affects Commander-Genius: before Release refs/pull/358/merge.
Severity: 7.5 | HIGH
CVE-2026-24828 - Memory leak in is-Engine
CVE ID : CVE-2026-24828
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.
Severity: 7.5 | HIGH
CVE-2026-24829 - Out-of-bounds write in is-Engine
CVE ID : CVE-2026-24829
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.
Severity: 6.5 | MEDIUM
CVE-2026-24830 - Integer Overflow or Wraparound in IronOS
CVE ID : CVE-2026-24830
Published : Jan. 27, 2026, 10:15 a.m. | 1 hour, 44 minutes ago
Description : Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2.
Severity: 9.8 | CRITICAL
CVE-2025-41726 - Beckhoff: Arbitrary code execution within privileged processes
CVE ID : CVE-2025-41726
Published : Jan. 27, 2026, 11:35 a.m. | 24 minutes ago
Description : A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
Severity: 8.8 | HIGH
CVE-2025-41727 - Beckhoff: Performing privileged operations and gaining administrator access
CVE ID : CVE-2025-41727
Published : Jan. 27, 2026, 11:36 a.m. | 23 minutes ago
Description : A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
Severity: 7.8 | HIGH
CVE-2025-41728 - Beckhoff: Information leak via Beckhoff Device Manager
CVE ID : CVE-2025-41728
Published : Jan. 27, 2026, 11:37 a.m. | 22 minutes ago
Description : A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.
Severity: 5.3 | MEDIUM