48 matches found
CVE-2026-28261
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contain an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...
CVE-2025-14750
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...
Command Injection
Overview: gemini-mcp-tool is an MCP server for Gemini CLI integration. Affected versions of this package are vulnerable to Command Injection via the execAsync function. An attacker can execute arbitrary code with the privileges of the service account by supplying crafted input that is not properly...
EUVD-2025-206328
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...
PT-2026-4278
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The web application does not adequately validate inputs that should be constant but are subject to external control. A user with limited privileges can alter...
CVE-1999-0555
A Unix account with a name other than "root" has UID 0, i.e. root privileges...
Hanwha Vision Camera Security Vulnerability
Hanwha Vision Camera is a series of cameras from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision Camera that stems from insufficient management of camera guest account privileges...
EUVD-2012-2588
Malware in sbrugna...
EUVD-2001-1150
Malware in sbrugna...
EUVD-2024-54695
Malicious code in bioql PyPI...
EUVD-2022-41584
Malicious code in bioql PyPI...
CVE-2024-42455
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...
PT-2024-9472 · Veeam · Veeam Backup & Replication
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication (affected versions not specified). Description: The issue is related to insecure deserialization in Veeam Backup & Replication, allowing a low-privileged user to connect to remoting services and exploit this...
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit
Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server-side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work...
GHSA-93X3-M7PW-PPQM Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after t...
PT-2024-20077 · Quest · Quest Kace Agent For Windows
Name of the Vulnerable Software and Affected Versions: Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0. Description: An issue exists in the KSchedulerSvc.exe component, allowing local attackers to delete any file of their choice with NT Authority\SYSTEM privileges. This is due to an...
ClamAV Security Vulnerability
ClamAV (Clam AntiVirus) is a free and open source antivirus program from the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. A command execution vulnerability exists in ClamAV versions prior to 1.3.0, which stems from insecure handling of filenames...
Dell DM5500 Security Vulnerability
The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from an information disclosure vulnerability that originates from the inclusion of a plain text password in the PPO...
SUSE-RU-2023:3956-1 Recommended update for mariadb104
This update for mariadb104 fixes the following issues: - Implement version 10.4 of MariaDB (jsc#PED-2455): It is possible to use more than one authentication plugin for each user account. The root user account is being created with the ability to use two authentication plugins. All user accounts,...
CVE-2022-26856
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...