29 matches found
DEBIAN-CVE-2026-10805
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...
UBUNTU-CVE-2026-10805
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...
CVE-2026-10805
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...
EUVD-2026-34186
A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...
PT-2026-46143
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...
osctrl OS Command Injection Vulnerability
OsCtrl is an open-source management software for OsQuery by JMP Security. Versions of OsCtrl prior to 0.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from OS command injection in the OsCtrl-admin environment configuration, which could lead...
EUVD-2020-7553
Malware in sbrugna...
EUVD-2024-50431
Malicious code in bioql PyPI...
CVE-2025-20137
A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL a...
CVE-2024-9132 The administrator is able to configure an insecure captive portal script
The administrator is able to configure an insecure captive portal script...
CVE-2024-9132
CVE-2024-9132 affects Arista Edge Threat Management – Arista NG Firewall. The advisory details that an administrator can configure an insecure captive portal script, enabling code injection-like behavior. Affected: NGFW versions 17.1.1 and earlier. Impact, per the document, includes insecure port...
Arista NG Firewall Security Vulnerability
Arista NG Firewall is a WEB firewall from Arista USA. A security vulnerability exists in Arista NG Firewall that stems from an administrator's ability to configure insecure forced portal scripts...
CVE-2024-1898
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...
Authentication flaw
Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator...
CVE-2023-44320
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...
WordPress WP-chgFontSize plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP-chgFontSize plugin version 1.8 and earlier versions are vulnerable to cross-site request...
Totolink A3100R Access Control Error Vulnerability
The TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China. An attacker could use this vulnerability to set the administrator configuration without a cookie...
TotoLink A3100R Access Control Error Vulnerability
The TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China. An attacker could use this vulnerability to set the administrator configuration without a cookie...
Denial Of Service (DoS)
xen/arm is vulnerable to denial of service. No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an...
Fixed in Apache Tomcat 7.0.109
Low: Authentication weakness (CVE-2021-30640). Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data (e.g. user names) as well as configuration data provided by an administrator. In limited circumstances it was possible for...