212 matches found
PT-2026-25662
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...
EUVD-2026-8465
A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so...
CVE-2026-25084
The CVE-2026-25084 entry concerns ZLAN5143D, a device whose authentication can be bypassed by directly accessing internal URLs. Connected sources provide concrete details: in addition to the basic bypass vulnerability, an unprotected API endpoint can allow an attacker to remotely change the devic...
CVE-2026-25806 PlaciPy has Missing Authorization Checks on Student Management Endpoints (IDOR)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using authenticateToken but do...
GHSA-3G2F-4RJG-9385 Weblate leaks information via screenshots
Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...
CVE-2023-54117
In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with listadd corruption Commit fb08a1908cb1 "dax: simplify the daxdevice gendisk association" introduced new logic for gendisk association, requiring drivers to explicitly call daxaddhost and...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989441)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989441 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasdprofilestart the amount of...
UBUNTU-CVE-2023-53711
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...
CVE-2023-53711 NFS: Fix a potential data corruption
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...
CVE-2025-62356
A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...
CVE-2025-62356
CVE-2025-62356 affects Qodo Gen IDE (Qodo Gen IDE). A path traversal vulnerability enables a threat actor to read arbitrary local files on an end user’s system, including files outside of current projects. The issue is reachable directly and via indirect prompt injection, impacting confidentialit...
EUVD-2011-1024
Malware in sbrugna...
EUVD-2018-13531
Malware in sbrugna...
EUVD-2010-5307
Malware in sbrugna...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-392013)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-392013 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient ES...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly removing DAX entries, which could result in a runtime warning...
DEBIAN-CVE-2023-53323
In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2setsize when len is page aligned PAGEALIGNx macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in daxzerorange...
CVE-2025-52130
CVE-2025-52130 is a file upload vulnerability in WebErpMesv2 prior to 1.19 (FactoryController.php in 1.17). An authenticated attacker can upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests and may lead to Remote Code Execution (RCE). Related advisories (R...
CVE-2010-20115
Arcane Software’s Vermillion FTP Daemon vftpd versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and...