PT-2026-46114

This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The cleantalk die and ct die functions output the CleanTalk API response message directly into HTML without proper...

CVE-2025-14576 Possible QML code injection in VectorImage component

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

BIT-AUTHENTIK-2024-23647 PKCE downgrade attack in Authentik

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...

WordPress plugin Armania 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2021-2237

Malware in sbrugna...

EUVD-2018-8198

Malware in sbrugna...

EUVD-2024-0845

Malicious code in bioql PyPI...

EUVD-2022-39041

Malicious code in bioql PyPI...

EUVD-2025-24696

Malicious code in bioql PyPI...

EUVD-2024-52224

Malicious code in bioql PyPI...

EUVD-2023-2727

Malicious code in bioql PyPI...

EUVD-2025-7532

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-39950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and...

AZL-66306 CVE-2025-8715 affecting package postgresql for versions less than 16.10-1

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

CVE-2025-54449

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...

PT-2025-30527 · Samsung · Magicinfo 9 Server

Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: An unrestricted file upload issue with dangerous file types exists in Samsung Electronics MagicINFO 9 Server, potentially leading to code injection. Recommendations: Update MagicINFO...

TencentOS Server 3: icedtea-web (TSSA-2022:0037)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0037 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2024-53382]

Summary IBM Security SOAR uses an older version of prismjs that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack 51.0.6.0 . Vulnerability Details CVEID:CVE-2024-53382...

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVE-2023-0021

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed...