CVE-2026-0954 Out-Of-Bounds Write When Opening a Corrupt DSB File in Digilent DASYLab

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the ReadPSDChannelRLE function. An attacker can cause information disclosure or application crash by submitting specially crafted PSB files that trigger a heap out-of-bounds read during decoding. Note:...

CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

CLSA-2026-1770373628 Update of microcode_ctl

Update Intel CPU microcode to 20251111: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c000410; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b000650; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...

ScienceLogic Skylar One Detection

Binary data sciencelogicskylaronedetect.nbin...

CVE-2023-4555

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliardata.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be...

CVE-2019-20529

In core/doctype/preparedreport/preparedreport.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files no authentication is required to access; having a link is sufficient instead of private files...

CVE-2024-41358

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...

CVE-2023-4558

A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staffdata.php. The manipulation of the argument columns0data leads to sql injection. The attack can be launched remotely. The...

CVE-2023-4199

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagorydata.php. The manipulation of the argument columns1data leads to sql injection. It is possible to initiate the attack remotely. The...

IBM QRadar Installed

Binary data ibmqradarnixinstalled.nbin...

Photon OS 4.0: Linux PHSA-2026-4.0-0937

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0937. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

IGEL OS Detection

Binary data igelosdetect.nbin...

Microsoft Azure Guest Agent Installed (Windows)

Binary data microsoftazureguestagentwininstalled.nbin...

EUVD-2025-205526

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

Adobe Photoshop Elements Installed (macOS)

Binary data adobephotoshopelementsmacosinstalled.nbin...

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVE-2025-14159 Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...