
17 matches found

Cvelist
added 2026/02/24 7:35 p.m. · 17 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVSS 2.7 · EPSS 0.00054
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24819

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.3 · EPSS 0.0008
Exploits: 0 · References: 3

OSV
added 2025/09/04 11:28 p.m. · 1 views

CVE-2025-58352 Weblate has long session expiry times during second factor verification

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

CVSS 2.1 · AI score 6.5 · EPSS 0.00064
Exploits: 0 · References: 5

OSV
added 2025/05/05 12:15 p.m. · 1 views

DEBIAN-CVE-2025-2545

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...

CVSS 2.3 · AI score 5.2 · EPSS 0.00149
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/21 12:0 a.m. · 1 views

PT-2024-40178 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.2.25
Description: The issue allows for the execution of authorized foreign code under certain circumstances.
Recommendations: For versions prior to 5.2.25, update to version 5.2.25 or later to resolve the issue...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 6

OSV
added 2024/05/14 4:16 p.m. · 0 views

CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...

CVSS 8.8 · AI score 5.8 · EPSS 0.01749
Exploits: 0 · References: 1

CNNVD
added 2023/11/15 12:0 a.m. · 3 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Orders CSV, Excel Export PRO before v5.0, which originates from an SQL...

CVSS 8.8 · AI score 8 · EPSS 0.00069
Exploits: 0 · References: 2

OSV
added 2021/05/05 2:15 p.m. · 1 views

CVE-2016-20010

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5...

CVSS 10 · AI score 5.9 · EPSS 0.06828
Exploits: 0 · References: 2

OSV
added 2020/04/17 7:15 p.m. · 1 views

CVE-2020-5737

Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue...

CVSS 5.4 · AI score 6.3
Exploits: 0 · References: 1

ATTACKERKB
added 2020/02/07 8:15 p.m. · 1 views

CVE-2020-8796

Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server...

CVSS 9.8 · AI score 5.6 · EPSS 0.03293
Exploits: 0 · References: 3

OSV
added 2020/01/14 6:15 p.m. · 1 views

CVE-2019-19548

Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user...

CVSS 7.8 · AI score 7.1 · EPSS 0.00072
Exploits: 0 · References: 1

CNVD
added 2019/12/04 12:0 a.m. · 4 views

TitanHQ WebTitan has an unspecified vulnerability (CNVD-2019-44522)

TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. The vulnerability can be exploited by an attacker to execute arbitrary code by overwriting an existing file or adding a new PHP file to the web root directory...

CVSS 9 · AI score 7.8 · EPSS 0.00969
Exploits: 1 · References: 1

OSV
added 2019/11/18 6:15 a.m. · 0 views

UBUNTU-CVE-2019-19081

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a...

CVSS 5.9 · AI score 7.1 · EPSS 0.0125
Exploits: 0 · References: 4

CNVD
added 2019/09/29 12:0 a.m. · 2 views

eBrigade SQL Injection Vulnerability (CNVD-2019-35774)

eBrigade is a rescue team management system. The system includes personnel management, vehicle management and equipment management. A SQL injection vulnerability exists in eBrigade versions prior to 5.0, which can be exploited by attackers to execute illegal SQL commands...

CVSS 8.8 · AI score 8.2 · EPSS 0.00316
Exploits: 1 · References: 1

CNVD
added 2019/09/29 12:0 a.m. · 3 views

eBrigade SQL Injection Vulnerability (CNVD-2019-35770)

eBrigade is a rescue team management system. The system includes personnel management, vehicle management and equipment management. A SQL injection vulnerability exists in eBrigade versions prior to 5.0, which can be exploited by attackers to execute illegal SQL commands...

CVSS 8.8 · AI score 8.2 · EPSS 0.003
Exploits: 1 · References: 1

CNVD
added 2019/08/12 12:0 a.m. · 3 views

HPE 3PAR Service Processor Override Access Vulnerability

HPE 3PAR Service Processor (SP) is a suite of virtual service processors deployed on the VMware vSphere hypervisor from HPE, USA. An over-the-horizon access vulnerability exists in HPE 3PAR Service Processor versions prior to 5.0.5.1. An attacker could exploit this vulnerability to gain authorized...

CVSS 9.7 · AI score 6.9 · EPSS 0.00646
Exploits: 0 · References: 1

ATTACKERKB
added 2009/06/22 2:30 p.m. · 3 views

CVE-2009-2146

Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct...

CVSS 6 · AI score 6.2 · EPSS 0.09013
Exploits: 2 · References: 5