352 matches found

Positive Technologies
added 2026/01/28 12:0 a.m., 5 views

PT-2026-5045

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.6. Description: Dokploy is a self-hostable Platform as a Service (PaaS). Installations prior to version 0.26.6 utilize a hardcoded password within the installation script, specifically at the provided URL:...

CVSS 8, AI score 5.2, EPSS 0.00073
Exploits: 1, References: 10

CNNVD
added 2026/01/28 12:0 a.m., 2 views

Dokploy Trust Management Vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to trust management. This vulnerability stemmed from hard-coded credentials in the installation script, which could lead to the exposure of database credentials...

CVSS 8.8, AI score 5.8, EPSS 0.00073
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/26 12:0 a.m., 4 views

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20103-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20103-1 advisory. Changes in chromium: - Chromium 144.0.7559.96 boo1257011 CVE-2026-1220: Race in V8 - update INSTALL.sh to handle the added tags in the desktop file...

AI score 6
Exploits: 0, References: 4

OSV
added 2026/01/24 1:0 a.m., 2 views

OPENSUSE-SU-2026:20103-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 144.0.7559.96 boo1257011 CVE-2026-1220: Race in V8 - update INSTALL.sh to handle the added tags in the desktop file boo1256938...

AI score 6
Exploits: 0, References: 3

OPENSUSE Linux
added 2026/01/23 12:0 a.m., 4 views

Security update for chromium (moderate)

openSUSE Security Update: Security update for chromium
Announcement ID: openSUSE-SU-2026:0027-1
Rating: moderate
References: 1256938 1257011
Cross-References: CVE-2026-1220
Affected Products: openSUSE Backports SLE-15-SP6
An update that solves one vulnerability and has one errata is now available...

AI score 5.6
Exploits: 0, References: 2

Vulnrichment
added 2026/01/07 11:11 p.m., 2 views

CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...

CVSS 6.1, AI score 6.4, EPSS 0.00049
Exploits: 2, References: 4

NVD
added 2025/12/16 12:16 a.m., 5 views

CVE-2025-58173

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVSS 8.8, EPSS 0.00157
Exploits: 1, References: 7

Packet Storm
added 2025/12/16 12:0 a.m., 199 views

Gnuboard 5.6.23 SQL Injection / Code Execution

Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution...

CVSS 9.8, AI score 9.1, EPSS 0.00388
Exploits: 4

Tenable Nessus
added 2025/12/11 12:0 a.m., 1 view

Oracle Linux 10 : wireshark (ELSA-2025-23083)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-23083 advisory. 4.4.2-4.0.1.1 - Fix post script to not fail during initial installation Orabug: 37565359 1:4.4.2-4.1 - Resolves: RHEL-130425 - Access of Uninitialized Pointer...

CVSS 7.8, AI score 5.5, EPSS 0.00013
Exploits: 0, References: 2

UbuntuCve
added 2025/11/14 3:15 a.m., 1 view

CVE-2024-13178

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3, AI score 5.9, EPSS 0.00088
Exploits: 1, References: 3

UbuntuCve
added 2025/11/10 8:15 p.m., 1 view

CVE-2025-12441

Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3, AI score 5.9, EPSS 0.00029
Exploits: 0, References: 1

UbuntuCve
added 2025/11/06 10:15 p.m., 1 view

CVE-2025-11208

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3, AI score 6.9, EPSS 0.0005
Exploits: 0, References: 1

Snyk
added 2025/10/29 4:38 p.m., 2 views

Malicious Package

Overview: etherdjs is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components; it aims to trick users into downloading a package that contains malicious code. Payload behavior: The malicious payload runs npm's...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 3

RedhatCVE
added 2025/10/11 12:20 a.m., 4 views

CVE-2025-61505

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the install.php script. The script processes user-controlled input in the previous_steps POST parameter using unserialize(base64_decode()) without validation, allowing attackers to craft malicious serialized data. This could lead to remo...

CVSS 6.5, AI score 8, EPSS 0.00552
Exploits: 1, References: 1

NVD
added 2025/10/10 7:15 p.m., 2 views

CVE-2025-61505

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the install.php script. The script processes user-controlled input in the previous_steps POST parameter using unserialize(base64_decode()) without validation, allowing attackers to craft malicious serialized data. This could lead to remo...

CVSS 6.5, EPSS 0.00552
Exploits: 1, References: 2

Positive Technologies
added 2025/10/10 12:0 a.m., 2 views

PT-2025-41591

Name of the Vulnerable Software and Affected Versions: e107 CMS versions through 2.3.3. Description: The software contains a flaw due to insecure deserialization in the install.php script. The script processes user-controlled input received in the previous_steps POST parameter using unserializebase6...

CVSS 6.5, AI score 7.7, EPSS 0.00552
Exploits: 1, References: 5

Vulnrichment
added 2025/10/10 12:0 a.m., 1 view

CVE-2025-61505

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the install.php script. The script processes user-controlled input in the previous_steps POST parameter using unserialize(base64_decode()) without validation, allowing attackers to craft malicious serialized data. This could lead to remo...

AI score 7.6, EPSS 0.00552
Exploits: 1, References: 2

CVE
added 2025/10/10 12:0 a.m., 9 views

CVE-2025-61505

The CVE concerns e107 CMS ≤ 2.3.3 with insecure deserialization in install.php. The code processes user-supplied previous_steps via unserialize(base64_decode()), enabling crafted serialized payloads that can cause remote code execution, arbitrary file operations, or DoS if PHP object gadgets exis...

CVSS 6.5, AI score 7.6, EPSS 0.00552
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2012-0465

Malware in sbrugna...

CVSS 5.5, AI score 5.1, EPSS 0.00033
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2019-4818

Malware in sbrugna...

CVSS 7.8, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 15