6424 matches found

RedhatCVE
added 2026/01/09 8:45 a.m. | 3 views

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

CVSS 9.2 | AI score 7.2 | EPSS 0.0023
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:43 a.m. | 6 views

CVE-2022-42268

Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description USD files to customize all aspects of a scene. If a user opens a USD file th...

CVSS 7.8 | AI score 6.7 | EPSS 0.00572
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:39 a.m. | 12 views

CVE-2022-35884

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

CVSS 8.8 | AI score 7 | EPSS 0.01252
Exploits: 1 | References: 1

OSV
added 2026/01/09 2:54 a.m. | 6 views

MAL-2026-181 Malicious code in smintio-portals-component-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ac8dad03743200fb36bb249f7d2292a267daaffb767a56e0c0e6634dc71afe The package smintio-portals-component-sdk was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 1

CNNVD
added 2026/01/09 12:0 a.m. | 5 views

ZTE MF258K Pro security vulnerability

The ZTE MF258K Pro is a 4G outdoor bridge kit from ZTE China. The ZTE MF258K Pro suffers from a configuration flaw vulnerability that stems from improperly set directory permissions, which can be exploited by an attacker to cause a write operation to be performed...

CVSS 8.8 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 2

Zero Day Initiative
added 2026/01/09 12:0 a.m. | 6 views

(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the executeCommand method. The issue result...

CVSS 9.8 | AI score 7.6 | EPSS 0.01715
Exploits: 0

Positive Technologies
added 2026/01/09 12:0 a.m. | 5 views

PT-2026-1989

Name of the Vulnerable Software and Affected Versions Katana Network Development Starter Kit affected versions not specified Description The Katana Network Development Starter Kit contains a command injection flaw in the executeCommand function, potentially allowing remote code execution. The iss...

CVSS 9.8 | AI score 8.3 | EPSS 0.01715
Exploits: 0 | References: 6

Snyk
added 2026/01/08 10:4 p.m. | 4 views

Improper Validation of Syntactic Correctness of Input

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid...

CVSS 3.1 | AI score 6.9
Exploits: 0 | References: 2

EUVD
added 2026/01/08 9:52 p.m. | 6 views

EUVD-2026-1418

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value...

AI score 6.4
Exploits: 0 | References: 4

OSV
added 2026/01/08 9:52 p.m. | 54 views

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

CVSS 3.7 | AI score 6.6
Exploits: 0 | References: 4

vulnersOsv
added 2026/01/08 9:46 p.m. | 2 views

pipesns (=0.1.5) potentially affected by unknown CVE via aws-sdk-sns (=0.4.1)

aws-sdk-sns CARGO version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-sns and may be impacted: - pipesns =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

AI score 5.8
Exploits: 0

NVD
added 2026/01/08 5:15 p.m. | 12 views

CVE-2026-22487

Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Speed Kit: from n/a through = 2.0.2...

CVSS 4.3 | EPSS 0.00155
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/08 4:37 p.m. | 4 views

CVE-2026-22487 WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Speed Kit: from n/a through = 2.0.2...

CVSS 4.3 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 1

Cvelist
added 2026/01/08 4:37 p.m. | 24 views

CVE-2026-22487 WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Speed Kit: from n/a through = 2.0.2...

CVSS 4.3 | EPSS 0.00155
Exploits: 0 | References: 1

CVE
added 2026/01/08 4:37 p.m. | 12 views

CVE-2026-22487

CVE-2026-22487 describes a Missing Authorization vulnerability in Speed Kit affecting Speed Kit versions from n/a up to 2.0.2. The issue arises from incorrect access control configuration, allowing an unauthenticated actor to reach restricted functionality. CVSSv3.1/3.1 base metrics show a Medium...

CVSS 4.3 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 1

Debian CVE
added 2026/01/08 3:4 p.m. | 4 views

CVE-2025-67603

An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? before 0.31...

CVSS 5.1 | AI score 5.5 | EPSS 0.00148
Exploits: 0

EUVD
added 2026/01/08 2:55 p.m. | 5 views

EUVD-2026-1622

Malicious code in @kyriba/mf-kit npm...

AI score 6.6
Exploits: 0

OSSF Malicious Packages
added 2026/01/08 2:55 p.m. | 10 views

Malicious code in @kyriba/mf-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa1b2dd3479a677d975d11f8fe29e2cb24cbcc3a90c05081fa1632822c7c2f5a The package @kyriba/mf-kit was found to contain malicious code. Source: ghsa-malware 5316d385b586e69d62f54165ad5c9a973bf0bdfc3ef7023a0f7f53c784bb7131...

AI score 5.6
Exploits: 0 | References: 1

OSV
added 2026/01/08 2:55 p.m. | 3 views

MAL-2026-165 Malicious code in @kyriba/mf-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa1b2dd3479a677d975d11f8fe29e2cb24cbcc3a90c05081fa1632822c7c2f5a The package @kyriba/mf-kit was found to contain malicious code. Source: ghsa-malware 5316d385b586e69d62f54165ad5c9a973bf0bdfc3ef7023a0f7f53c784bb7131...

AI score 5.6
Exploits: 0 | References: 1

NVD
added 2026/01/08 3:15 a.m. | 3 views

CVE-2025-14275

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | EPSS 0.00192
Exploits: 0 | References: 3