4923 matches found
CVE-2020-37090 School ERP Pro 1.0 - Remote Code Execution
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...
CVE-2025-66480 Wildfire has Arbitrary File Upload via Directory Traversal in UploadFileAction
Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an endpoint /fs that handles...
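The two upload flaws above (School ERP Pro storing attacker-named PHP attachments, Wildfire's UploadFileAction accepting traversal sequences) share one root cause: the client-supplied file name decides both where the file lands and what it is called. The following added example is not code from either project; it models the vulnerable join beside a hardened version. UPLOAD_ROOT, ALLOWED_EXTENSIONS and the sample file names are assumptions constructed for the example.

```python
import posixpath
import re

# Storage root and allowed attachment types are assumptions for this example,
# not values taken from either advisory.
UPLOAD_ROOT = "/srv/uploads"
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}
# A bare file name: starts with an alphanumeric, then a bounded run of safe characters.
# This rejects "", ".", "..", names starting with a dot, and anything containing a slash.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def vulnerable_target(filename: str) -> str:
    """The pattern both advisories describe: join the client-supplied name onto the root.

    "../" segments walk out of UPLOAD_ROOT, and a ".php" name is stored as-is, so the
    attacker picks both where the file lands and what it is called.
    """
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))


def safe_target(filename: str) -> str:
    """Return the path an attachment may be stored at, or raise ValueError."""
    # 1. Keep only the last path component, treating both "/" and "\" as separators.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # 2. Allowlist the characters of the name itself.
    if not SAFE_NAME.match(base):
        raise ValueError(f"rejected filename: {filename!r}")
    # 3. Allowlist the final extension. This is a data-type check, not an execution
    #    guard: the directory must still be served with script execution disabled.
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext!r}")
    # 4. Defence in depth: after normalisation the path must still sit under the root.
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, base))
    if posixpath.commonpath([UPLOAD_ROOT, target]) != UPLOAD_ROOT:
        raise ValueError("path escapes upload root")
    return target


def check_upload(filename: str) -> tuple:
    """Convenience wrapper returning (accepted, stored_path_or_reason)."""
    try:
        return True, safe_target(filename)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed attacker-style names: a traversal, a script upload, a Windows-style traversal.
    for name in ["../../var/www/html/shell.php", "shell.php", "..\\..\\report.pdf", "report.pdf", ".."]:
        print(f"{name!r:34} vulnerable -> {vulnerable_target(name):28} safe -> {check_upload(name)}")
```

The traversal name resolves to /var/www/html/shell.php under the vulnerable join, while the hardened path strips it to shell.php and then rejects the extension; a traversal prefix on an otherwise valid name is neutralised rather than refused, which is acceptable because the stored name is fully server-controlled by that point.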
CVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...
CLEANSTART-2026-GN47077 Within HostnameError
Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. Within HostnameError. See references for individual vulnerability details...
CVE-2025-68882
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-27 23:29:14+00:00 | seen | Telegram/-bGFeUnXd3wpSfC7SViVpgMiu9utMM47a2xPyUysuC9P-EU... |
CVE-2026-24003
EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...
BIT-MOODLE-2025-3645 Moodle: IDOR in messaging web service allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
PT-2026-4826
Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2025.12.1. Description: EVerest is an EV charging software stack susceptible to a bypass of sequence state verification, including authentication. This allows sending requests that transition to forbidden states,...
Cisco Unified Communications Manager command injection
Added: 01/26/2026 Background Cisco Unified Communications Manager is a product suite for managing voice and video communication and messaging. Problem A command injection vulnerability in multiple Cisco communications products could allow a remote attacker to execute arbitrary commands. Resolutio...
EUVD-2026-4525
Malicious code in oasis-os-provider-messaging npm...
MAL-2026-481 Malicious code in oasis-os-provider-messaging (npm)
Source: amazon-inspector cca1eb9a5a42a34b2db68e6d23c9c2cd2cbe7098f742e647c9c6867b342e95ab. The package oasis-os-provider-messaging was found to contain malicious code...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21848)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21848 advisory. - In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_all...
CVE-2025-68140 EVerest allows null session ID to bypass session ID verification
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
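The check the advisory describes fails because "no session registered" and "session ID 0" are the same value. The added example below is a constructed model of that logic, not EVerest code: a context whose registered ID defaults to 0 beside one that keeps "no session" distinct and never accepts 0. The replay helper and SAMPLE_TRAFFIC are assumptions built for the example; the message flow is illustrative and does not reproduce the V2G wire format.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class VulnerableContext:
    """Models the pre-2025.9.0 shape the advisory describes: the registered session ID
    defaults to 0 when no session has been set up (constructed model, not EVerest code)."""
    registered_id: int = 0

    def verify(self, submitted_id: int) -> bool:
        # Once a message parses correctly, the only check is equality with the
        # registered ID. With nothing registered that ID is 0, so a message that
        # simply carries session ID 0 is accepted as belonging to a valid session.
        return submitted_id == self.registered_id


@dataclass
class FixedContext:
    """Same check with 'no session' made explicit and 0 never treated as a real ID."""
    registered_id: Optional[int] = None

    def register(self, session_id: int) -> None:
        # Refuse the sentinel value up front so it can never become a registered ID.
        if session_id == 0:
            raise ValueError("session ID 0 is not a valid registered session")
        self.registered_id = session_id

    def verify(self, submitted_id: int) -> bool:
        if self.registered_id is None:
            return False          # nothing registered yet: no message may claim a session
        if submitted_id == 0:
            return False          # reject the sentinel regardless of state
        return submitted_id == self.registered_id


def replay(messages, ctx) -> list:
    """Feed constructed (submitted_id, register_after) steps to a context and return
    which messages were accepted. A non-None register_after simulates session setup
    completing with that ID after the message was processed."""
    accepted = []
    for submitted_id, register_after in messages:
        accepted.append(ctx.verify(submitted_id))
        if register_after is not None:
            if isinstance(ctx, FixedContext):
                ctx.register(register_after)
            else:
                ctx.registered_id = register_after
    return accepted


# Constructed traffic: a forged ID-0 message before setup, the setup message that
# assigns 0x1234, a genuine message, then a second forged ID-0 message.
SAMPLE_TRAFFIC = [(0, None), (0x1234, 0x1234), (0x1234, None), (0, None)]


if __name__ == "__main__":
    print("vulnerable:", replay(list(SAMPLE_TRAFFIC), VulnerableContext()))
    print("fixed:     ", replay(list(SAMPLE_TRAFFIC), FixedContext()))
```

Only the first message differs between the two runs: the vulnerable context accepts the pre-setup ID-0 message, the fixed one does not, and both accept the genuine post-setup message. The separate register() step matters as much as the verify() change, since rejecting 0 at registration keeps the two checks from drifting apart later.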
SUSE CVE-2025-51602
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server...
MiracleLinux 8 : parfait:0.5 (AXSA:2022-3020:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3020:01 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw l...
TMS code-related vulnerabilities
TMS is a channel-based team communication and collaboration tool with a lightweight task board, developed by the individual developer Weicheng. TMS versions 2.28.0 and earlier contain code-level vulnerabilities stemming from incorrect handling of the parameter filename i...