Server-side Request Forgery (SSRF)
Overview: phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the processing of unvalidated enclosure URLs in podcast episode feeds. An attacker can access sensitive internal resources and exfiltrate data by...
CVE-2026-41141 EspoCRM: IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity (Contact, Lead, Account, or User) without performing an ACL check. An authenticated user with...
EUVD-2026-32946
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first,...
EspoCRM security vulnerability
EspoCRM is an open-source, web-based Customer Relationship Management (CRM) system. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.5 contained security vulnerabilities. These vulnerabilities were caused by business...
EUVD-2024-31299
Malicious code in bioql PyPI...
CVE-2024-48851
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. Remote code execution is possible due to improper input validation. This issue affects FLXEON: through 9.3.5...
CVE-2025-10205 Predictable Salt and Weak Hashing Algorithm
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...
CVE-2025-10207 Authenticated File Disclosure/Delete
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5...
CVE-2024-48851
CVE-2024-48851 affects ABB FLXEON controllers (through version 9.3.5). The issue arises from improper input validation in the FLXEON.A component, enabling remote code execution. Connected sources (ICS advisory from CISA, vendor/Red Hat/CNNVD entries) confirm remote code execution as the impact. N...
PT-2025-38312
Name of the Vulnerable Software and Affected Versions: ABB FLXEON versions through 9.3.5. Description: An improper validation of specified type of input issue exists in ABB FLXEON. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2025-10205
CVE-2025-10205 affects ABB FLXEON controllers (through 9.3.5 and newer). The issue arises from using a one-way hash with a predictable salt and low-entropy MD5 salt storage, enabling credential-related weaknesses and contributing to a remote code execution risk due to improper input validation. P...
ABB FLXEON security vulnerability
ABB FLXEON is a series of building automation controllers from ABB Switzerland. A security vulnerability exists in ABB FLXEON version 9.3.5 and earlier, which stems from the use of one-way hashing with predictable salt values...
Splunk Enterprise OS command injection vulnerability
Splunk Enterprise is a suite of data collection and analytics software from Splunk Corporation in the United States. Splunk Enterprise suffers from an operating system command injection vulnerability that stems from improper input sanitization and could lead to remote command execution. The following...
ABB Cylon FLXeon 9.3.5 (siteGuide.js) Authenticated Directory Traversal
Summary: BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
CVE-2024-33562
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS. This issue affects XStore: from n/a through 9.3.5...
CVE-2024-33559
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5...
Malicious code in chameleon-sdk-android (npm)
Source: ossf-package-analysis 589be22e021ff78ea28c1042adb0a595cec7ba04c5c4050009471dcd91d7de2c. The OpenSSF Package Analysis project identified 'chameleon-sdk-android' @ 9.3.5 (npm) as malicious. It is considered malicious because: - The...
Malicious code in cml-tt-sets (npm)
Source: ossf-package-analysis cf782b7bdc62c7fa7743c5fafc916bcd3c20ec2c23d89837b120d35d53659e6b. The OpenSSF Package Analysis project identified 'cml-tt-sets' @ 9.3.5 (npm) as malicious. It is considered malicious because: - The package...