94 matches found
Vanna Code Issue Vulnerability
Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier contained a code vulnerability. This vulnerability stemmed from improper handling of the updatesql/runsql functions in the file src/vanna/legacy/flask/init.py of the component Endpoint. It could lead to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001476 advisory. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by t...
CVE-2020-12030
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway...
PT-2025-50298
Name of the Vulnerable Software and Affected Versions: Filament versions 4.0.0 through 4.3.0 Description: Filament, a collection of full-stack components for accelerated Laravel development, has an issue in how it manages recovery codes for application-based multi-factor authentication. The flaw...
ASB-A-407763772
Bulletin has no description...
OrangeHRM Code Issue Vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A code issue vulnerability exists in OrangeHRM versions 5.0 through 5.7, which...
TencentOS Server 3: grafana-pcp (TSSA-2024:0101)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0101 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2020-7131
Malware in sbrugna...
EUVD-2018-0639
Malware in sbrugna...
EUVD-2017-10392
Malware in sbrugna...
EUVD-2022-48939
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-2118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no...
CVE-2025-57087
Tenda W30E V16.01.0.19 5037 was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
Tenda AC18 Weak Password Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a weak password vulnerability that originates from a code flaw in the /etcro/smb.conf file in the Samba component. No detailed...
Tenda AC18 Security Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a weak password vulnerability that originates from a code flaw in the /etcro/smb.conf file in the Samba component. No detailed...
CVE-2021-29271
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: LocatorURL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go...
CVE-2020-12621
The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component...
CVE-2020-35698
Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is being used by many to host their online courses using the Thinkific Platform. The attac...
CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due to legacy code
Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due to the usage of rzcorecmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass (part of RzBinInfo) is execute...
PT-2024-22701 · Unknown · Mesh Wi-Fi Router Rp562B
Name of the Vulnerable Software and Affected Versions: Mesh Wi-Fi router RP562B versions v1.0.2 and earlier Description: The issue is related to an active debug code vulnerability. If exploited, it allows a network-adjacent authenticated attacker to obtain or alter the device's settings...