30 matches found
CVE-2026-33414
Summary: CVE-2026-33414 affects Podman
DRUPAL-CONTRIB-2026-012
This module allows site builders to create so-called "theme_rule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses a simple GET request to disable or enable theme rules, which allows attackers to disable or...
Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012
This module allows site builders to create so-called "theme_rule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses a simple GET request to disable or enable theme rules, which allows attackers to disable or enab...
PT-2026-22083
Name of the Vulnerable Software and Affected Versions: Drupal Theme Negotiation by Rules versions prior to 1.2.1 Description: A Cross-Site Request Forgery (CSRF) issue exists in the Theme Negotiation by Rules module. The module allows site builders to create “theme rule” config entities to render pag...
EUVD-2010-1168
Malware in sbrugna...
EUVD-2018-11216
Malware in sbrugna...
DRUPAL-CONTRIB-2025-047
The Restrict route by IP module provides an interface to manage route restriction by IP address. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability is mitigated by the fact that you need to know the route machine name...
DRUPAL-CONTRIB-2025-033
Panels enables administrators to add page variants within page manager, panelizer, etc to create custom pages. The module doesn't sufficiently protect sensitive routes, allowing an attacker to view and modify blocks within variants without requiring appropriate permission. This vulnerability is...
DRUPAL-CONTRIB-2025-017
This module enables you to create super sets of configuration and enable them conditionally, for example have some modules installed only in some environments. The module does not use Cross Site Request Forgery (CSRF) tokens to protect routes for enabling or disabling a split. This vulnerability is...
DRUPAL-CONTRIB-2025-012
This module enables you to integrate the site with the Google Tag Manager (GTM) application. The module doesn't sufficiently validate the enabling or disabling of a tag container. The routes involved are not protected against Cross Site Request Forgery (CSRF). This vulnerability is mitigated by the...
Inconsistent Display of Machine Names in Studio
Some machine names are displayed in lower case letters in the machine catalog, while all others are displayed in upper case letters. All machines have been created in the same way and were all added manually to the catalogue. The names are being displayed consistently in AD and the PVS console...
SYS.2.2.3.A18
The goal of module SYS.2.2.3 is the protection of information that is processed by and on Windows 10 clients. The standard requirement SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective rig...
CVE-2019-9017
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name...
Buffer overflow
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name...
PT-2019-19312 · Solarwinds · Solarwinds Dameware Mini Remote Control
Name of the Vulnerable Software and Affected Versions: SolarWinds DameWare Mini Remote Control version 10.0 Description: The issue is related to a Buffer Overflow in the DWRCC component of SolarWinds DameWare Mini Remote Control, specifically associated with the size field for the machine name...
i4 assistant cross-site scripting vulnerability
i4 assistant is a specialized management tool for Apple mobile devices from China for Aipu Information Technology Company. A cross-site scripting vulnerability exists in i4 assistant version 7.85. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via th...
CVE-2018-19527
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings...
CVE-2018-3953
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input...
PT-2018-2662 · Linksys · Linksys E2500 +1
Name of the Vulnerable Software and Affected Versions: Linksys E1200 versions 2.0.09 Linksys E2500 versions 3.0.04 Description: The issue exists due to improper filtering of data passed to and retrieved from NVRAM, allowing for OS command injection. This can be exploited by a remote attacker to...