Security Vulnerabilities
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application
CVSS Score
9.1
EPSS Score
0.0
Published
2026-01-27
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-27
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
CVSS Score
6.1
EPSS Score
0.001
Published
2026-01-27
Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS Score
7.0
EPSS Score
0.001
Published
2026-01-27
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-27
Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C.
This issue affects root.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-27
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-27
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C.
This issue affects azerothcore-wotlk: through v4.0.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-27
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-27
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.
CVSS Score
8.6
EPSS Score
0.0
Published
2026-01-27