6330 matches found
EUVD-2006-4255
Malware in sbrugna...
CVE-2017-9965
creationtimestamp| type| source ---|---|--- 2025-10-05 10:02:43+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2017/CVE-2017-9965.yaml...
CVE-2018-11511
creationtimestamp| type| source ---|---|--- 2025-10-05 08:40:40+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2018/CVE-2018-11511.yaml 2025-10-06 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m2kj4bihhq2q 2025-12-07...
PT-2025-40793
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be...
EUVD-2025-28395
Malicious code in bioql PyPI...
CVE-2025-27223
creationtimestamp| type| source ---|---|--- 2025-10-01 18:49:45+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-27223.yaml 2025-10-02 21:02:26+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m2ahapki2u26 2025-10-18...
CVE-2025-39894
In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: do not check confirmed bit in brnflocalin after confirm When send a broadcast packet to a tap device, which was added to a bridge, brnflocalin is called to confirm the conntrack. If another conntrack with...
CVE-2025-34234 Vasion Print (formerly PrinterLogic) Hardcoded Encryption Private Keys
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain two hardcoded private keys that are shipped in the application containers printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi...
CVE-2025-54249
creationtimestamp| type| source ---|---|--- 2025-09-29 03:18:25+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-54249.yaml 2025-09-30 21:02:43+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m23gd7gjji2j 2025-10-18...
PT-2025-39885
Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 25.1.102 Vasion Print Application versions prior to 25.1.1413 Description The /api-gateway/identity/search-groups API endpoint does not require authentication. An unauthenticated remote attacker can enumerate eve...
PT-2025-39897
Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 25.1.102 Vasion Print Application versions prior to 25.1.1413 Description Vasion Print formerly PrinterLogic Virtual Appliance Host and Application deployments contain hardcoded private keys stored in clear text...
CVE-2020-36719
creationtimestamp| type| source ---|---|--- 2025-09-24 13:50:13+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-36719.yaml...
CVE-2020-36705
creationtimestamp| type| source ---|---|--- 2025-09-24 09:47:43+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/passive/cves/2020/CVE-2020-36705.yaml...
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Libraesva has released a security update to address a vulnerability in its Email Security Gateway ESG solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689 , carries a CVSS score of 6.1, indicating medium severity. "Libraesva ESG i...
CVE-2019-11886
creationtimestamp| type| source ---|---|--- 2025-09-18 01:43:53+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-11886.yaml 2025-09-21 21:02:24+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lzes4jrnvf2g...
CVE-2025-2404 XSS in Ubit Information Technologies' STOYS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting XSS. This issue affects STOYS: from 2 before 20250916...
CVE-2020-11515
creationtimestamp| type| source ---|---|--- 2025-09-15 21:55:04+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-11515.yaml 2025-09-16 21:02:25+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lyy7rtlmvj2p...
PT-2025-86: Disclosure of confidential data via controller configuration request in Fastwel PLC web server
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to obtain administrator‑level privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...
PT-2025-87: Incorrect session expiration in Fastwel PLC web server
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to gain unlimited access to a device by brute-forcing or compromising a session token. Vulnerability status: Confirmed ...
CVE-2025-38724
CVE-2025-38724: Linux kernel NFS server (nfsd) had a race in nfsd4_setclientid_confirm() where it did not check get_client_locked() return, risking reference loss and a potential use-after-free. A fix obtains a reference early when a confirmed client exists, and handles failure as if no confirmed...