News & Sicurezza

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation.

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page.

CVE ID :CVE-2018-25251 Published : April 4, 2026, 2:16 p.m. | 13 hours, 38 minutes ago Description :Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation. Severity: 8.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2018-25255 Published : April 4, 2026, 2:16 p.m. | 17 hours, 39 minutes ago Description :10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application. Severity: 8.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2018-25252 Published : April 4, 2026, 2:16 p.m. | 13 hours, 38 minutes ago Description :FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process. Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2018-25250 Published : April 4, 2026, 2:16 p.m. | 13 hours, 38 minutes ago Description :MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2018-25254 Published : April 4, 2026, 2:16 p.m. | 15 hours, 39 minutes ago Description :NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2018-25253 Published : April 4, 2026, 2:16 p.m. | 15 hours, 39 minutes ago Description :Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application. Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators validate the download in downloads.php.

Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.

CVE ID :CVE-2018-25247 Published : April 4, 2026, 2:16 p.m. | 11 hours, 38 minutes ago Description :MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization. Severity: 6.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2018-25244 Published : April 4, 2026, 2:16 p.m. | 11 hours, 38 minutes ago Description :Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...