89 matches found

VulnCheck KEV
added 2026/05/01 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

7.5 CVSS · 7.2 AI score · 0.92396 EPSS
In wild · Exploits 0 · References 17

Tenable Nessus
added 2026/01/22 12:0 a.m. · 3 views

Azure Linux 3.0 Security Update: valkey (CVE-2024-31227)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31227 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileg...

4.4 CVSS · 5.2 AI score · 0.00424 EPSS
Exploits 0 · References 2

Cvelist
added 2026/01/14 1:28 p.m. · 26 views

CVE-2025-14317 User Enumeration in Crazy Bubble Tea mobile application

In the Crazy Bubble Tea mobile application, an authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. The server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

7.1 CVSS · 0.00066 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/01/14 12:0 a.m. · 3 views

PT-2026-2853

In the Crazy Bubble Tea mobile application, an authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. The server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

7.1 CVSS · 6.5 AI score · 0.00066 EPSS
Exploits 0 · References 3

CNNVD
added 2026/01/14 12:0 a.m. · 1 views

Crazy Bubble Tea App security vulnerability

Crazy Bubble Tea App is a Pearl Milk Tea ordering mobile app from Crazy Bubble Tea, Poland. A security vulnerability exists in Crazy Bubble Tea App versions prior to 915 and prior to 7.4.1, which stems from the server not verifying permissions and could lead to the enumeration of the loyaltyGuest...

7.1 CVSS · 6.3 AI score · 0.00066 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/10/15 3:47 p.m. · 2 views

CVE-2025-54822

An improper authorization vulnerability (CWE-285) in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an...

4.3 CVSS · 6.5 AI score · 0.00053 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/10/14 12:0 a.m. · 3 views

Fortinet FortiManager Insertion of Sensitive Information Into Sent Data in csfd daemon (FG-IR-24-228)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-228 advisory. - An insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0...

4.3 CVSS · 5.4 AI score · 0.0001 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2003-0601

Malware in sbrugna...

4.6 CVSS · 6.2 AI score · 0.00083 EPSS
Exploits 0 · References 5

CVE
added 2025/09/05 1:45 p.m. · 8 views

CVE-2025-58835

CVE-2025-58835 concerns Bonus for Woo (WordPress) with improper validation of a specified quantity in input, enabling access to functionality not properly constrained by ACLs. Affected versions are n/a through 7.4.1. Public sources indicate remediation via upgrading to a newer version (per PT-202...

5.3 CVSS · 5.9 AI score · 0.00091 EPSS
Exploits 0 · References 1

Cvelist
added 2025/09/05 1:45 p.m. · 7 views

CVE-2025-58835 WordPress Bonus for Woo plugin <= 7.6.6 - Other vulnerability Type vulnerability

Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through <= 7.6.6...

5.3 CVSS · 0.00091 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 6:9 a.m. · 2 views

CVE-2023-25576

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an...

7.5 CVSS · 6.7 AI score · 0.00604 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/08 2:2 p.m. · 10 views

CVE-2025-22855

An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing JavaScript code...

2.7 CVSS · 0.00115 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2025/03/14 3:15 p.m. · 2 views

CVE-2024-46662

An improper neutralization of special elements used in a command 'command injection' in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets...

8.8 CVSS · 5.8 AI score · 0.00304 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/03/14 3:3 p.m. · 6 views

CVE-2024-46662

An improper neutralization of special elements used in a command 'command injection' in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets...

8.8 CVSS · 0.00304 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/03/14 3:3 p.m. · 6 views

CVE-2024-46662

An improper neutralization of special elements used in a command 'command injection' in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets...

8.8 CVSS · 8.9 AI score · 0.00304 EPSS
Exploits 0 · References 1

Cvelist
added 2025/02/27 4:0 p.m. · 15 views

CVE-2025-1741 b1gMail Admin Page users.php deserialization

A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. Affected by this vulnerability is an unknown functionality of the file src/admin/users.php of the component Admin Page. The manipulation of the argument query/q leads to deserialization. The attack can be launched...

5.8 CVSS · 0.00217 EPSS
Exploits 0 · References 7

Positive Technologies
added 2025/02/27 12:0 a.m. · 3 views

PT-2025-8962 · B1Gmail · B1Gmail

Name of the Vulnerable Software and Affected Versions: b1gMail versions up to 7.4.1-pl1
Description: A problematic issue was found in the Admin Page component, specifically in the file src/admin/users.php, where the manipulation of the query/q argument leads to deserialization. This issue can be...

5.8 CVSS · 5 AI score · 0.00217 EPSS
Exploits 0 · References 13

CNNVD
added 2025/02/27 12:0 a.m. · 3 views

b1gMail code issue vulnerability

b1gMail is an email service from b1gMail open source. A code issue vulnerability exists in b1gMail 7.4.1-pl1 and earlier versions that stems from deserialization...

5.8 CVSS · 5 AI score · 0.00217 EPSS
Exploits 0 · References 9

OSV
added 2025/01/21 9:15 p.m. · 0 views

CVE-2025-21554

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

5.3 CVSS · 7.3 AI score
Exploits 0 · References 1

CNNVD
added 2025/01/21 12:0 a.m. · 2 views

Oracle Communications Order and Service Management security vulnerability

Oracle Communications Order and Service Management is an order management system from Oracle Corporation USA that is used to coordinate the order fulfillment functions required to complete orders. A security vulnerability exists in Oracle Communications Order and Service Management versions 7.4.0...

5.3 CVSS · 8.2 AI score · 0.00371 EPSS
Exploits 0 · References 3