171 matches found

NVD | added 2025/10/27 5:15 p.m. | 2 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

CVSS: 9.8 | EPSS: 0.00728 | Exploits: 1 | References: 3

EUVD | added 2025/10/27 12:0 a.m. | 4 views

EUVD-2025-36212

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

AI score: 6.6 | EPSS: 0.00728 | Exploits: 1 | References: 4

EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-0231

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.02005 | Exploits: 1 | References: 6

EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-10034

Malware in sbrugna...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01373 | Exploits: 1 | References: 3

EUVD | added 2025/10/07 12:30 a.m. | 6 views

EUVD-1999-1205

Malware in sbrugna...

CVSS: 3.6 | AI score: 6.4 | EPSS: 0.00337 | Exploits: 0 | References: 3

EUVD | added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-1832

Malware in sbrugna...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01771 | Exploits: 1 | References: 4

EUVD | added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-10472

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01511 | Exploits: 5 | References: 3

EUVD | added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-34731

Malicious code in bioql PyPI...

CVSS: 7.6 | AI score: 5.8 | EPSS: 0.00289 | Exploits: 0 | References: 1

EUVD | added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-2876

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.02885 | Exploits: 0 | References: 5

EUVD | added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-22337

Malicious code in bioql PyPI...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00269 | Exploits: 0 | References: 1

EUVD | added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-26929

Malicious code in bioql PyPI...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00241 | Exploits: 0 | References: 1

Positive Technologies | added 2025/10/03 12:0 a.m. | 4 views

PT-2025-40524

Name of the Vulnerable Software and Affected Versions: TRUfusion Enterprise versions through 7.10.4.0. Description: The application does not properly sanitize input to the /trufusionPortal/getCobrandingData endpoint, allowing path traversal sequences to be included. This can be used to read any loca...

CVSS: 8.6 | AI score: 6 | EPSS: 0.01773 | Exploits: 1 | References: 5

Snyk | added 2025/09/17 7:43 p.m. | 3 views

Origin Validation Error

Overview: @parcel/reporter-dev-server is a Blazing fast, zero configuration web application bundler. Affected versions of this package are vulnerable to Origin Validation Error via improper origin validation in the development server. An attacker can access source code by tricking a developer into...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00222 | Exploits: 1 | References: 2

NVD | added 2025/09/11 2:15 p.m. | 20 views

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

CVSS: 7.4 | EPSS: 0.00206 | Exploits: 0 | References: 3

Tenable Nessus | added 2025/09/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.01089 | Exploits: 0 | References: 2

Tenable Nessus | added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-10857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01539 | Exploits: 0 | References: 2

RedhatCVE | added 2025/08/14 8:29 a.m. | 2 views

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

CVSS: 5.6 | AI score: 7.1 | EPSS: 0.00169 | Exploits: 0 | References: 1

Cvelist | added 2025/08/12 8:10 a.m. | 6 views

CVE-2025-26398 SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

CVSS: 5.6 | EPSS: 0.00169 | Exploits: 0 | References: 2

Positive Technologies | added 2025/08/12 12:0 a.m. | 3 views

PT-2025-32636 · Solarwinds · Solarwinds Database Performance Analyzer

Name of the Vulnerable Software and Affected Versions: SolarWinds Database Performance Analyzer, affected versions not specified. Description: SolarWinds Database Performance Analyzer contains a hard-coded cryptographic key. Exploitation of this issue could lead to a machine-in-the-middle (MITM) atta...

CVSS: 5.6 | AI score: 6.8 | EPSS: 0.00169 | Exploits: 0 | References: 7

OSV | added 2025/08/01 11:36 p.m. | 2 views

CVE-2025-54782 @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

CVSS: 9.4 | AI score: 8 | EPSS: 0.4617 | Exploits: 4 | References: 7