50 matches found
CVE-2026-40016
An attacker can upload a malicious Sieve script over the ManageSieve service or locally to bypass configured CPU time limits for Sieve, by up to 130 times the configured limit. An attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...
CVE-2025-14821
CVE-2025-14821 concerns the libssh library. Multiple connected records describe a flaw where an insecure Windows default configuration causes libssh to load configuration files from C:\etc, which can be created or modified by unprivileged local users. This enables local man-in-the-middle attacks,...
TIK-SOFT Multiple Products Trust Management Issue Vulnerability
TIK-SOFT Finka-FK is a product of the Polish company TIK-SOFT. TIK-SOFT Finka-FK is a financial accounting software. TIK-SOFT Finka-KPR is a financial management software. TIK-SOFT Finka-Płace is a human resources and payroll management software. Several TIK-SOFT products have vulnerabilities...
CVE-2025-14821
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...
CVE-2018-18656
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file...
Huawei EulerOS: Security Advisory for EDK2 (EulerOS-SA-2025-2571)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-47233
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva...
CVE-2025-34501 Shuffle Master Deck Mate 2 Hard-coded Credentials & Exposed Services
Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...
EUVD-2003-1466
Malware in sbrugna...
EUVD-2020-26933
Malware in sbrugna...
EUVD-2008-3884
Malware in sbrugna...
EUVD-2024-36396
Malicious code in bioql PyPI...
EUVD-2021-7752
Malicious code in bioql PyPI...
EUVD-2025-30264
Malicious code in bioql PyPI...
EUVD-2023-53326
Malicious code in bioql PyPI...
EUVD-2023-53327
Malicious code in bioql PyPI...
EUVD-2024-30529
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-6698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android...
Linux Distros Unpatched Vulnerability : CVE-2019-2503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior...
CVE-2023-22878
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373...