65783 matches found

ATTACKERKB
added 2026/02/03 5:5 a.m. | 2 views

CVE-2025-58380

A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVSS 4.6 | AI score 5.4 | EPSS 0.00006
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-5978

Name of the Vulnerable Software and Affected Versions: FUXA version 1.2.7
Description: The software initializes with authentication disabled due to the 'secureEnabled' flag being commented out in the 'server/settings.default.js' file. This allows unauthenticated remote attackers to access sensitive...

CVSS 9.3 | AI score 5.5 | EPSS 0.00028
Exploits: 0 | References: 7

CNNVD
added 2026/02/03 12:0 a.m. | 4 views

Broadcom Brocade Fabric OS Security Vulnerability

Broadcom Brocade Fabric OS FOS is an embedded operating system used in switches and routers by Broadcom Corporation. Versions of Broadcom Brocade Fabric OS prior to version 9.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for attackers with administrato...

CVSS 4.6 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3

Cvelist
added 2026/02/03 12:0 a.m. | 24 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

EPSS 0.00028
Exploits: 0 | References: 1

CNNVD
added 2026/02/03 12:0 a.m. | 4 views

ZSPACE Q2C NAS Security Vulnerability

ZSPACE Q2C NAS is a private cloud device developed by ZSPACE Corporation. There is a security vulnerability in the ZSPACE Q2C NAS, which stems from incorrect symbol link tracking. This vulnerability could allow attackers to access all files within the NAS system and alter them...

CVSS 6.1 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 1

CNNVD
added 2026/02/03 12:0 a.m. | 3 views

Broadcom Brocade Fabric OS (FOS) Security Vulnerability

Broadcom Brocade Fabric OS FOS is an embedded operating system used in switches and routers by Broadcom Corporation. Versions of Broadcom Brocade Fabric OS prior to version 9.2.1c2 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for attackers with...

CVSS 4.6 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/02 4:18 p.m. | 3 views

CVE-2026-1232

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...

CVSS 6.8 | AI score 5.2 | EPSS 0.00033
Exploits: 0 | References: 3

Cvelist
added 2026/02/02 4:18 p.m. | 27 views

CVE-2026-1232 Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...

CVSS 6.8 | EPSS 0.00033
Exploits: 0 | References: 2

GithubExploit
added 2026/02/02 3:7 p.m. | 124 views

CVE_choco_2

DESCRIPTION - During the security assessment of "STUDENT WEB...

AI score 5.7
Exploits: 0

Veracode
added 2026/02/02 1:27 p.m. | 4 views

Prototype Pollution

deepHas is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of nested object keys, where attacker-controlled input can modify properties on JavaScript prototypes, allowing global object behavior to be altered in applications using deephas...

CVSS 9.4 | AI score 5.4 | EPSS 0.00169
Exploits: 4 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/02 6:37 a.m. | 4 views

CVE-2026-22888

Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...

CVSS 6.9 | AI score 5.3 | EPSS 0.00022
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 113 views

Pragyan CMS 3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...

AI score 6.2
Exploits: 0

EUVD
added 2026/01/31 12:30 a.m. | 4 views

EUVD-2020-30944

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVSS 8.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 4

Cvelist
added 2026/01/30 10:7 p.m. | 21 views

CVE-2020-37057 Online-Exam-System 2015 - 'fid' SQL Injection

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...

CVSS 8.8 | EPSS 0.00024
Exploits: 1 | References: 3

CVE
added 2026/01/30 10:7 p.m. | 12 views

CVE-2020-37057

CVE-2020-37057 affects Online-Exam-System 2015, where a SQL injection in the feedback module is triggered via the fid parameter. The root cause is unsafely constructed SQL queries allowing attackers to manipulate queries, potentially exfiltrate or modify data. CVSS metrics indicate a high-severit...

CVSS 9.8 | AI score 6 | EPSS 0.00024
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/01/30 10:7 p.m. | 3 views

CVE-2020-37033

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVSS 8.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 3 | Affected Software: 1

GithubExploit
added 2026/01/30 5:15 p.m. | 170 views

ShellExploit

This project is no longer supported. PowerSploit is a col...

AI score 6.1
Exploits: 0

NVD
added 2026/01/30 10:15 a.m. | 8 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

CVSS 10 | EPSS 0.00046
Exploits: 1 | References: 1

EUVD
added 2026/01/30 9:57 a.m. | 2 views

EUVD-2026-5040

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

CVSS 10 | AI score 6.2 | EPSS 0.00046
Exploits: 1 | References: 1

Positive Technologies
added 2026/01/30 12:0 a.m. | 4 views

PT-2026-5476

Name of the Vulnerable Software and Affected Versions: e-Learning PHP Script version 0.1.0
Description: The software contains a SQL injection issue in the search functionality. Attackers can manipulate database queries through unvalidated user input. Specifically, malicious SQL code can be injected...

CVSS 8.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 6