EUVD-2026-38764

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

CVE-2019-7865

A cross-site request forgery CSRF vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration...

EUVD-2025-8204

Malicious code in bioql PyPI...

EUVD-2024-2833

Malicious code in bioql PyPI...

CVE-2025-23203

CVE-2025-23203 affects Icinga Director (REST API) prior to versions 1.10.4 and 1.11.4. An authenticated Director user with API access can retrieve or modify information for objects they should not fully access, via endpoints such as icingaweb2/director/service (host omitted), icingaweb2/director/...

CVE-2025-23203 Icinga has rest API endpoints accessible to restricted users

Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...

PT-2024-22667 · Apache · Cloudstack

Name of the Vulnerable Software and Affected Versions: CloudStack versions prior to 4.18.1.1 CloudStack versions prior to 4.19.0.1 Description: A problem has been identified in the CloudStack additional VM configuration extraconfig feature which can be misused by anyone who has privilege to deplo...

PT-2023-28889

Name of the Vulnerable Software and Affected Versions Pillar eve container versions 9.0.0 and later, prior to the inclusion of the config partition measurement in PCR13 Description The Pillar eve container checks for the existence and content of /config/GlobalConfig/global.json on boot. If the fi...

Security Advisory 0087

Security Advisory 0087 . CSAF PDF Date: May 31, 2023 Revision | Date | Changes ---|---|--- 1.0 | May 31, 2023 | Initial release 1.1 | September 24, 2024 | Update fixed release info The CVE-ID tracking this issue: CVE-2023-24510 CVSSv3.1 Base Score: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVE-2022-24011

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all...

Researcher Owns Internal Network after Victim Opens Email

Security researcher Bogdan Calin found that he could remotely compromise the internal networks of users with default or weak router passwords merely by compelling them to open a legitimate looking email on their iPhone, iPad, or Mac. Writing for the Acunetix blog, Calin explains that he has found...