CVE-2026-44447
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...
CVE-2026-44446
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...
EUVD-2026-30198
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...
CVE-2026-41473 CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...
Red Hat build of Keycloak access control error vulnerability
Red Hat Build of Keycloak is a single-sign-on web application developed by the American company Red Hat. There is an access control vulnerability in Red Hat Build of Keycloak. This vulnerability stems from improper access control at the endpoints of User-Managed Access resources, which may allow...
Mobiliti code issue vulnerability
Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a code vulnerability that arises from using charging station identifiers to associate sessions, but allowing multiple endpoints to use the same session identifier for connection. This...
SUSE CVE-2026-27111
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
CVE-2026-26977
Frappe Learning Management System (LMS)
SICK TDC-X401GL has security vulnerabilities
The SICK TDC-X401GL is an edge computing gateway developed by the German company SICK. The SICK AG TDC-X401GL has a security vulnerability, which stems from improper handling of inputs at system endpoints, potentially leading to denial-of-service attacks...
CVE-2025-11894 Shelf Planner <= 2.8.1 - Missing Authorization to Unauthenticated Settings Update
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
OpnForm security vulnerability
OpnForm is a form builder by the independent developer Julien Nahum. A security vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from a lack of authorization checking in the API endpoints and could lead to unauthorized access...
EUVD-2018-11902
Malware in sbrugna...
EUVD-2024-54881
Malicious code in bioql PyPI...
EUVD-2025-25449
Malicious code in bioql PyPI...
GHSA-287X-6R2H-F9MW UnoPim vulnerable to CSRF on Product edit feature and creation of other types
Summary: Some of the endpoints of the application are vulnerable to Cross-Site Request Forgery (CSRF).

| Method | Endpoint | Status | Reason |
|:------:|:------:|:------:|:------:|
| POST | /admin/catalog/products/create | Not Vulnerable :white_check_mark: | X-XSRF-TOKEN header used |
| GET |...
Meon KYC security vulnerability
Meon KYC is a solution from Meon India. A security vulnerability exists in Meon KYC that stems from insufficient server-side validation of CAPTCHA by certain API endpoints, which could lead to bypassing the CAPTCHA validation mechanism...
Lunary security vulnerability
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary versions prior to 1.5.9, which stems from a security issue in /v1/evaluators/endpoints, and can be exploited by an attacker to delete evaluator data, resulting in permanent data loss and potentia...
AWS VDP: Amazon Comprehend Medical Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints
The Comprehend Medical service was found to have 8 API endpoints that incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail event logs. This behavior was observed specifically for FIPS endpoints, which may have been an intentional design decision. The...
JetBrains TeamCity security vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a permissions issu...
SonicWALL GMS security vulnerability
SonicWALL GMS is a global management system from SonicWALL, Inc., a powerful and intuitive solution for organizations, distributed enterprises, and service providers to centrally manage and rapidly deploy SonicWall Firewall, Anti-Spam, Backup and Recovery, and Secure Remote Access solutions. A...