Aggregator

Submit #790288 / VDB-358244

A vulnerability labeled as problematic has been found in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. This vulnerability is reported as CVE-2026-6608. The attack can be launched remotely. Moreover, an exploit is present. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.

A vulnerability identified as problematic has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption. This vulnerability is documented as CVE-2026-6607. The attack can be initiated remotely. Additionally, an exploit exists. It is suggested to install a patch to address this issue. Commit ff66426 patched this issue in api_generate of base_model_worker.py and did miss other entry points.

Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters. [...]

A vulnerability, which was classified as critical, has been found in IBM HomePagePrint 1.0.7 on Win 98. Affected by this issue is some unknown functionality of the component HTML Tag Handler. The manipulation of the argument IMG SRC leads to memory corruption. This vulnerability is traded as CVE-1999-1531. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Computer Software Manufaktur Alibaba 2.0. This affects an unknown part of the component CGI Handler. The manipulation results in improper privilege management. This vulnerability is known as CVE-1999-0885. Attacking locally is a requirement. Furthermore, an exploit is available. You should upgrade the affected component.

A vulnerability was found in Cisco Router and classified as problematic. This issue affects some unknown processing of the component NAT. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-1999-0843. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Microsoft Windows NT 4.0. It has been rated as problematic. The impacted element is an unknown function of the file Spoolss.exe of the component Print Spooler. The manipulation as part of Spooler Request leads to memory corruption. This vulnerability is referenced as CVE-1999-0898. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Palm Pilot HotSync Manager 3.0.4 on Win 98. This impacts an unknown function of the component Network Mode. This manipulation causes memory corruption. This vulnerability is tracked as CVE-1999-1065. The attack is possible to be carried out remotely. No exploit exists. It is advisable to implement restrictive firewalling.

A vulnerability, which was classified as problematic, was found in FreeBSD 3.3. Impacted is an unknown function of the component seyon. Such manipulation of the argument Home as part of Environment Variable leads to memory corruption. This vulnerability is traded as CVE-1999-0863. An attack has to be approached locally. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Sun Cobalt RaQ 2.0 and classified as problematic. The affected element is an unknown function of the file cgiwrap of the component User Handler. Performing a manipulation results in improper privilege management. This vulnerability is known as CVE-1999-1530. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Internic Whois Lookup 1.0. It has been declared as critical. This impacts an unknown function of the file whois.cgi of the component Domain Entry Handler. The manipulation results in improper privilege management. This vulnerability was named CVE-1999-0983. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Matt Whois 1.0. It has been rated as critical. Affected is an unknown function of the file whois.cgi of the component Domain Entry Handler. This manipulation as part of Metacharacter causes improper privilege management. The identification of this vulnerability is CVE-1999-0984. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Debian nfs-utils up to 1.0.3. Impacted is the function xlog. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-1999-0832. It is possible to launch the attack remotely. Furthermore, an exploit is available. You should upgrade the affected component.

Submit #792228 / VDB-358243

Submit #792227 / VDB-358242

2025网信自主创新调研报告 by ourren

2025中国电子学会科学技术奖成果描述 by ourren

更多最新文章，请访问SecWiki

A vulnerability has been found in Xen and classified as critical. This vulnerability affects unknown code of the component Linux privcmd Driver. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2026-31788. The attack can only be initiated within the local network. No exploit exists. It is suggested to install a patch to address this issue.

展示了攻击者已经具备了针对工业控制系统进行精准攻击的能力。

Новый инструмент Quinex выпотрошит научные архивы и вытащит скрытые цифры.