21 matches found
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...
Security Bulletin: IBM WebSphere Application Server is affected by an identity spoofing vulnerability (CVE-2026-8644)
Summary IBM WebSphere Application Server is affected by an identity spoofing vulnerability. Vulnerability Details CVEID:CVE-2026-8644 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing. CWE:CWE-290: Authentication Bypass by Spoofing CVSS Source: IBM CVSS Base score:...
EUVD-2019-12093
Malware in sbrugna...
EUVD-2021-16559
Malware in sbrugna...
EUVD-2025-17410
Malicious code in bioql PyPI...
PT-2025-30622 · Undefined · Undefined
🚨 BREAKING: SUSE releases CRITICAL kernel patch CVE-2025-02470 | CVSS 9.1. Impact: Root access via netfilter UA Affects: Kernels 5.15-6.5 Action: zypper patch --cve=CVE-2025-02470 Read more: 👉 https://t.co/Iyqyhf0Cfc https://t.co/qRWwdxp2tj...
CVE-2025-3461
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. This issue affects Quantenna Wi-Fi chipset through versi...
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. This issue affects Quantenna Wi-Fi chipset through versi...
CVE-2025-3461
The CVE-2025-3461 entry concerns Quantenna Wi‑Fi chipsets with an unauthenticated telnet interface enabled by default (CWE-306: Missing Authentication for Critical Function). Affected product: Quantenna Wi‑Fi chipset through SDK version 8.0.0.28. Reported impact: potential unauthorized access via...
Security Bulletin: Vulnerability in Spring WebFlux affects watsonx.data
Summary Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security...
Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475
Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...
Security Bulletin: Vulnerability in CloudPak for AIOPs [CVE-2023-46233]
Summary Vulnerability was addressed in IBM Cloud Pak for AIOps version 4.3.0 CVE-2023-46233 Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allow a remote attacker to obtain sensitive information, caused by the use of a weak cryptographic hash algorithm. By utilize...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20860 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20860. IBM has addressed this vulnerability. Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass...
WordPress Slider Revolution Plugin <= 6.6.12 is vulnerable to Arbitrary File Upload
Software Slider Revolution Type Plugin Vulnerable versions <= 6.6.12 Fixed in 6.6.13 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2023-2359 Patch priority Low CVSS severity Low 9.1 Developer ThemePunch PSID 48e5307584b9 Credits Marco Frison Required privilege...
TIBCO Security Advisory: May 25, 2023 - TIBCO EBX Add-ons - CVE-2023-26216
TIBCO EBX Add-ons Path Traversal Original release date: May 25, 2023 Last revised: --- CVE-2023-26216 Source: TIBCO Software Inc. Products Affected TIBCO EBX Add-ons versions 4.5.16 and below The following component is affected: server Description The component listed above contains an exploitable...
Ricon Mobile Industrial Cellular Router
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Ricon Mobile, Inc. Equipment: Industrial Cellular Router Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Patch Tuesday - December 2020
We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than our typical December months high thirties, it's still a nice breath of fresh air given how the past year has been. We do, however, get to celebrate that none of the reported...
CVE-2016-8325
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: Internal Operations. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
SAP NetWeaver AS JAVA - SQL injection vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 18.08.2015 Vendor response: 19.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079 Author: Vahagn Vardanyan ERPScan VULNERABILITY...
File Hub 1.9.1 iOS - Multiple Vulnerabilities
Document Title: File Hub v1.9.1 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1195 Release Date: 2014-02-15 Vulnerability Laboratory ID VL-ID...