400 matches found
Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability (CNVD-2026-0494343)
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...
Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability (CNVD-2026-0494441)
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...
Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...
XML External Entity (XXE) Injection
peppolpy is vulnerable to XML External Entity XXE injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...
CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...
Ray's New Token Authentication is Disabled By Default
Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...
CVE-2025-13357
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
CVE-2025-13357
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
CVE-2025-64690
In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes...
CVE-2025-64690
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers...
CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)
Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence BPI component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters notably bpilogfile and bpiconfigfile allow an authenticated...
EUVD-2020-7488
Malware in sbrugna...
EUVD-2020-23128
Malware in sbrugna...
EUVD-2021-1431
Malware in sbrugna...
EUVD-2020-21859
Malware in sbrugna...
EUVD-2021-0872
Malware in sbrugna...
EUVD-2015-0028
Malware in sbrugna...
EUVD-2019-13792
Malware in sbrugna...
EUVD-2007-6687
Malware in sbrugna...
EUVD-2002-0563
Malware in sbrugna...