Aggregator

CVE-2019-25603 | TuneClone 2.20 SEH out-of-bounds write (Exploit 47012 / EDB-47012)

3 days 6 hours ago

A vulnerability was found in TuneClone 2.20. It has been classified as critical. Affected by this issue is some unknown functionality of the component SEH Handler. This manipulation causes out-of-bounds write. This vulnerability is handled as CVE-2019-25603. It is possible to launch the attack on the local host. Additionally, an exploit exists.

vuldb.com

CVE-2019-25599 | Nsauditor Backup Key Recovery 2.2.4 Registration Name return of pointer value outside of expected range (Exploit 46750 / EDB-46750)

VulDB Recent Entries

3 days 6 hours ago

A vulnerability was found in Nsauditor Backup Key Recovery 2.2.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name results in return of pointer value outside of expected range. This vulnerability is known as CVE-2019-25599. Attacking locally is a requirement. Furthermore, an exploit is available.

vuldb.com

CVE-2019-25591 | nsauditor DNSS Domain Name Search Software 2.1.8 Registration Name/Key out-of-bounds write (Exploit 46831 / EDB-46831)

VulDB Recent Entries

3 days 6 hours ago

A vulnerability has been found in nsauditor DNSS Domain Name Search Software 2.1.8 and classified as critical. Affected is an unknown function of the component Registration Handler. The manipulation of the argument Name/Key leads to out-of-bounds write. This vulnerability is traded as CVE-2019-25591. An attack has to be approached locally. Furthermore, there is an exploit available.

vuldb.com

CVE-2019-25605 | Play EquityPandit 1.0 Forgot Password improper authorization of index containing sensitive information (Exploit 46933 / EDB-46933)

VulDB Recent Entries

3 days 6 hours ago

A vulnerability, which was classified as problematic, was found in Play EquityPandit 1.0. This impacts an unknown function of the component Forgot Password Handler. Executing a manipulation can lead to improper authorization of index containing sensitive information. This vulnerability appears as CVE-2019-25605. The physical device can be targeted for the attack. In addition, an exploit is available.

vuldb.com

CVE-2019-25598 | Heidisql Portable 10.1.0.5464 Password out-of-bounds write (Exploit 46749 / EDB-46749)

VulDB Recent Entries

3 days 6 hours ago

A vulnerability, which was classified as critical, has been found in Heidisql Portable 10.1.0.5464. This affects an unknown function. Performing a manipulation of the argument Password results in out-of-bounds write. This vulnerability is reported as CVE-2019-25598. The attack requires a local approach. Moreover, an exploit is present. It is advisable to upgrade the affected component.

vuldb.com

CVE-2019-25592 | Xlinesoft PHPRunner 10.1 dashboard name overlap between protected memory ranges (Exploit 46824 / EDB-46824)

VulDB Recent Entries

3 days 6 hours ago

A vulnerability classified as problematic was found in Xlinesoft PHPRunner 10.1. The impacted element is an unknown function. Such manipulation of the argument dashboard name leads to improper handling of overlap between protected memory ranges. This vulnerability is documented as CVE-2019-25592. The attack needs to be performed locally. Additionally, an exploit exists.

vuldb.com

CVE-2019-25600 | UltraVNC Viewer 1.2.2.4 VNC Server out-of-bounds write (Exploit 46702 / EDB-46702)

VulDB Recent Entries

3 days 6 hours ago

A vulnerability classified as critical has been found in UltraVNC Viewer 1.2.2.4. The affected element is an unknown function. This manipulation of the argument VNC Server causes out-of-bounds write. This vulnerability is registered as CVE-2019-25600. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

vuldb.com

CVE-2026-4597 | 648540858 wvp-GB28181-pro up to 2.7.4 Stream Proxy Query StreamProxyProvider.java selectAll sql injection

VulDB Recent Entries

3 days 6 hours ago

A vulnerability described as critical has been identified in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-4597. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Submit #775635: 648540858 wvp-GB28181-pro WVP <= v2.7.4 SQL Injection [Accepted]

Vuldb Submit

3 days 6 hours ago

Submit #775635 / VDB-352435

xcxr

U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

3 days 6 hours ago

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CISA added the three […]

Pierluigi Paganini

VoidStealer malware steals Chrome master key via debugger trick

Bleeping Computer.

3 days 6 hours ago

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. [...]

Bill Toulas