15 matches found

CVE
added 2026/05/09 6:45 p.m. | 9 views

CVE-2026-8193

CVE-2026-8193 affects Akaunting 3.1.21, specifically the Invoice PDF Rendering component’s dompdf.php file. The vulnerability arises from unknown processing in that file, enabling a remote attacker to manipulate inputs to achieve server-side request forgery (SSRF). Exploitation is indicated as po...

6.5 CVSS | 6.2 AI score | 0.00038 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/08 7:16 p.m. | 5 views

CVE-2026-42176

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address...

6.7 CVSS | 5.7 AI score | 0.00046 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/05/05 12:0 a.m. | 6 views

PT-2026-36988

Name of the Vulnerable Software and Affected Versions: Axios versions 1.0.0 through 1.15.1 Description: Axios is a promise-based HTTP client for the browser and Node.js. The HTTP adapter reads five configuration properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) via direct...

9.1 CVSS | 5.8 AI score | 0.00092 EPSS
Exploits: 1 | References: 11

Github Security Blog
added 2026/03/30 7:18 p.m. | 4 views

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary: A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

8.8 CVSS | 6 AI score | 0.00016 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/02/04 12:9 a.m. | 8 views

melange has a path traversal in license-path which allows reading files outside workspace

An attacker who can influence a melange configuration file (e.g., through pull request-driven CI or build-as-a-service scenarios) could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

5.5 CVSS | 5.5 AI score | 0.00004 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/11/07 1:46 p.m. | 2 views

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots...

10 CVSS | 7.1 AI score | 0.002 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-24057

Malicious code in bioql PyPI...

6.3 CVSS | 4.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 5:30 p.m. | 1 views

CVE-2020-6969

It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations...

10 CVSS | 6.6 AI score | 0.00454 EPSS
Exploits: 0 | References: 1

NCSC
added 2025/05/08 8:43 a.m. | 8 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software. The vulnerabilities in Cisco IOS XE Software include several issues, including insufficient input validation and improper memory management. These vulnerabilities can be exploited by unauthenticated attackers to cause denial-of-service (DoS)...

10 CVSS | 7.9 AI score | 0.04623 EPSS
Exploits: 1 | References: 10

CNVD
added 2025/04/07 12:0 a.m. | 13 views

Tenda FH1202 Improper Access Control Vulnerability (CNVD-2025-07532)

The Tenda FH1202 is a wireless router manufactured by Tenda. An improper access control vulnerability exists in the Tenda FH1202. The vulnerability stems from improper access control due to manipulation of the parameter 'these' in the file /default.cfg. An attacker could exploit this vulnerabilit...

6.9 CVSS | 6.8 AI score | 0.06726 EPSS
Exploits: 1 | References: 1

OSV
added 2025/03/11 9:15 a.m. | 2 views

AZL-58360 CVE-2025-1550 affecting package keras for versions less than 3.3.3-2

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

9.8 CVSS | 6.5 AI score | 0.07973 EPSS
Exploits: 3 | References: 1

Positive Technologies
added 2024/09/17 12:0 a.m. | 1 views

PT-2024-7569 · Ptzoptics · Ptzoptics Pt30X-Sdi/Ndi-Xx

Name of the Vulnerable Software and Affected Versions: PTZOptics PT30X-SDI/NDI-xx versions prior to 6.3.40 Description: The issue is related to insufficient authentication in PTZOptics cameras. When requests are sent without an HTTP Authorization header to the /cgi-bin/param.cgi endpoint, the...

9.1 CVSS | 9.6 AI score | 0.83611 EPSS
Exploits: 1 | References: 58

CVE
added 2024/08/22 8:0 p.m. | 46 views

CVE-2024-8077

CVE-2024-8077 affects TOTOLINK AC1200 T8, specifically version 4.1.5cu.862_B20230228. The vulnerability is in the setTracerouteCfg function and allows OS command injection, with remote exploitation as implied by the sources. Reports consistently describe a critical impact under this function...

9.8 CVSS | 6.8 AI score | 0.0208 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Microsoft CVE
added 2024/08/05 7:0 a.m. | 2 views

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

...

8.8 CVSS | 6.6 AI score | 0.00393 EPSS
Exploits: 0

Cvelist
added 2024/06/25 4:31 p.m. | 31 views

CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.4 CVSS | 0.00393 EPSS
Exploits: 0 | References: 1