CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the order parameter of the arm_directory_paging_action AJAX action in all versions up to and including 7.3.1. Root cause: insufficient escaping on user-supplied order and orderby parameters and inadequate preparation of ...

CVE-2025-13392

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...

@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +204 more potentially affected by CVE-2026-39365 via vite (>=7.0.1 <=7.3.1)

vite NPM version =7.0.1, =1.89.2, =20.1.3, =20.1.3, =0.1.0, =0.0.4, =0.2.9, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.28.0 and more Source cves: CVE-2026-39365 Source advisory: SNYK:JS-VITE-15922213...

CVE-2025-10450 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional Core Libraries allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1...

EUVD-2025-175377

Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3...

EUVD-2025-175380

Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 1 of 3...

CVE-2025-47221

An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...

CVE-2025-47222

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...

Keyfactor SignServer 安全漏洞

Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...

CVE-2025-47220

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...

Keyfactor SignServer 安全漏洞

Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...

CVE-2025-47221

An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...

CVE-2025-47221

CVE-2025-47221 : Keyfactor SignServer versions before 7.3.2 contain an arbitrary file write flaw. The ARCHIVETODISK_FILENAME-PATTERN, ARCHIVETODISK_PATH_BASE, and ARCHIVETODISK_PATH_PATTERN properties can be set to any path, enabling a user with admin access to write files in arbitrary server dir...

CVE-2025-47222

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...

CVE-2025-47222

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...

EUVD-2019-18412

Malware in sbrugna...

EUVD-2022-0509

Malicious code in bioql PyPI...

EUVD-2023-56801

Malicious code in bioql PyPI...

EUVD-2023-36358

Malicious code in bioql PyPI...