149 matches found
CVE-2026-4064
Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...
PT-2026-6087
Name of the Vulnerable Software and Affected Versions: Citrix Emergency Sharing versions prior to SMR Feb-2026 Release 1. Description: An improper access control issue exists in Emergency Sharing. This allows local attackers to interrupt the functionality of the service. Recommendations: Update to SM...
EUVD-2022-41578
Malicious code in bioql PyPI...
EUVD-2023-28827
Malicious code in bioql PyPI...
EUVD-2023-52423
Malicious code in bioql PyPI...
EUVD-2022-27210
Malicious code in bioql PyPI...
EUVD-2023-28825
Malicious code in bioql PyPI...
EUVD-2022-40721
Malicious code in bioql PyPI...
EUVD-2022-38110
Malicious code in bioql PyPI...
EUVD-2022-36032
Malicious code in bioql PyPI...
EUVD-2022-41588
Malicious code in bioql PyPI...
EUVD-2023-32340
Malicious code in bioql PyPI...
EUVD-2023-42972
Malicious code in bioql PyPI...
CVE-2020-1823
There are multiple out-of-bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may perform an out-of-bounds read when it processes an incoming data packet. Successful exploit of these vulnerabilities...
CVE-2024-10455 Reachable Assertion in µD3TN
Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows an attacker to disrupt service via a malformed Extension Block...
Denial Of Service (DoS)
org.elasticsearch:elasticsearch is vulnerable to Denial of Service (DoS). The vulnerability is due to a StackOverflow exception caused by dynamic field mapping of the passthrough type in an index template. An attacker can exploit this vulnerability by ingesting documents under specific conditions ...
Use After Free
github.com/envoyproxy/envoy is vulnerable to a use-after-free. The vulnerability is due to QUICHE continuing to push request headers after the StopReading method is called on the stream, which can lead to accessing a destroyed HCM ActiveStream object. This allows attackers to disrupt service by...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-03030)
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
CVE-2023-48394
Kaifa Technology WebITR is an online attendance system. Its file upload function does not restrict uploads of files with dangerous types. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to run arbitrary commands or disrupt service...
CVE-2023-48388
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service...