PT-2026-46154

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

CVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service CAS is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

FlowiseAI Vulnerable to Credential Data Leak

Severity: HIGH CVSS 7.5 Type: CWE-200 Exposure of Sensitive Information File: packages/server/src/services/credentials/index.ts:62-71 Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omit...

CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service CAS is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. An authentication bypass vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with...

EUVD-2025-208745

Cross Site scripting vulnerability XSS in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...

CVE-2026-23612

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBIPs parameter to...

Tenda W30E security vulnerabilities

The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 have security vulnerabilities. These vulnerabilities stem from the use of predefined default passwords, which may allow attackers to gain access to the management interface...

MiracleLinux 4 : cups-1.4.2-50.AXS4.4 (AXSA:2013-200:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-200:01 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to promote a...

CVE-2025-13159

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

Exploit for CVE-2025-40547

CVE-2025-40547 - Serv-U Administrative Pre-Authenticated Remot...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

EUVD-2025-0174

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-42249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spiasync Calling spimaybeunoptimizemessage in spiasync is...

CVE-2022-43850

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

PT-2025-1398 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue allows an attacker to send a "Handover Request Ack" message without the required MME UE S1AP ID field, which can cause the MME to crash repeatedly, resulting in denial of service. Thi...

PT-2024-19359 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.0.3.9 IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.3 IBM Sterling B2B Integrator version 6.2.0.0 Description: This issue allows users to embed arbitrary JavaScript code in t...

CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy...

Cisco Small Business 跨站脚本漏洞

Cisco Small Business is a switch from Cisco USA. A security vulnerability exists in the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325, which stems from insufficient validation of inputs to the web-based management interface...