
15 matches found

CVE
added 2026/03/11 5:4 p.m. · 16 views

CVE-2026-31852

CVE-2026-31852 affects the Jellyfin project, specifically the GitHub Actions workflow in jellyfin/jellyfin-ios (code-quality.yml). The root cause is an elevated-permissions workflow that accepts pull requests from forked repositories, enabling arbitrary code execution and full takeover of the jel...

CVSS 10 · AI score 6.3 · EPSS 0.00124
Exploits 0 · References 2 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-17140

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 6.6 · EPSS 0.00297
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-33360

Malicious code in bioql PyPI...

CVSS 8.4 · AI score 6.5 · EPSS 0.00111
Exploits 0 · References 1

RedhatCVE
added 2025/06/08 11:58 a.m. · 5 views

CVE-2025-41367

Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...

CVSS 4.8 · AI score 5.8 · EPSS 0.00297
Exploits 0 · References 1

Cvelist
added 2025/06/06 11:51 a.m. · 7 views

CVE-2025-41367 Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF

Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...

CVSS 4.8 · EPSS 0.00297
Exploits 0 · References 1

Positive Technologies
added 2025/05/29 12:0 a.m. · 1 views

PT-2025-23215 · Unknown · Cs5000 Fire Panel

Name of the Vulnerable Software and Affected Versions: CS5000 Fire Panel (affected versions not specified). Description: The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. This account is not root but holds high-level permissions that could severely impact the...

CVSS 9.8 · AI score 9.3 · EPSS 0.00482
Exploits 0 · References 12

Vulnrichment
added 2025/05/28 8:56 p.m. · 13 views

CVE-2025-27703 Privilege escalation in the management console of Absolute Secure Access prior to version 13.54

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...

CVSS 7 · AI score 6.6 · EPSS 0.00241
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:53 p.m. · 4 views

CVE-2020-9128

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...

CVSS 4.4 · AI score 6.5 · EPSS 0.00007
Exploits 0 · References 1

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-16655 · Rockwell Automation · Rockwell Automation

Name of the Vulnerable Software and Affected Versions: Rockwell Automation products (affected versions not specified). Description: A Remote Code Execution issue exists due to improper input validation, allowing the possibility of a malicious Updated Agent being deployed. This issue requires a high...

CVSS 8.4 · AI score 7.6 · EPSS 0.00111
Exploits 0 · References 9

NVD
added 2024/07/26 2:15 a.m. · 16 views

CVE-2024-4447

In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API UserSessionAjax.getSessionList.dwr calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack...

CVSS 9.9 · EPSS 0.00114
Exploits 0 · References 1

Vulnrichment
added 2024/07/26 2:2 a.m. · 9 views

CVE-2024-4447

In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API UserSessionAjax.getSessionList.dwr calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack...

CVSS 9.9 · AI score 5.8 · EPSS 0.00114
Exploits 0 · References 1

Hacker One
added 2022/05/24 7:37 p.m. · 11 views

Kubernetes: Bypass validation parts in AWS IAM Authenticator for Kubernetes

Multiple bypasses were discovered in AWS IAM Authenticator for Kubernetes. An attacker could craft a token without a signed cluster ID header and use it for replay attacks, manipulate the extracted AccessKeyID to gain higher permissions in the cluster, and send a request to other action values...

AI score 7.7
Exploits 0

NVD
added 2020/11/12 2:15 p.m. · 12 views

CVE-2020-9128

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...

CVSS 4.4 · AI score 4.5 · EPSS 0.00007
Exploits 0 · References 1

Cvelist
added 2020/11/12 1:50 p.m. · 14 views

CVE-2020-9128

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...

AI score 4.5 · EPSS 0.00007
Exploits 0 · References 1

seebug.org
added 2014/03/18 12:0 a.m. · 10 views

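SQL injection vulnerability in the login page of a Xinyou Technology (信游科技) system (high privileges)

Brief description: Injection exists. Details: http://ht.52xinyou.cn/xykj/login.aspx allows access to the admin backend. Proof of vulnerability:...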

AI score 7.1
Exploits 0