1044 matches found
PT-2026-3206
Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...
CVE-2026-22907
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data...
EUVD-2026-2821
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data...
CVE-2026-22907
CVE-2026-22907: The included sources describe an unauthorized host filesystem access risk with read/modify data implications. The materials do not provide concrete mappings to a specific affected product/vendor/version nor explicit root cause details. CVSS data indicates a critical impact on con...
PT-2026-2988
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. The issue could allow an attacker to...
CVE-2026-22196 GestSup < 3.2.60 SQL Injection in Ticket Creation
GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries...
WordPress plugin aBlocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-61075
CVE-2025-61075 concerns multiple incorrect access control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0. The Red Hat, ENISA EUVD, NVD and CVE records converge on the same description: remote authenticated, low-privileged users can perform administrative functions and manipula...
CVE-2025-61075
Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...
PT-2025-54573
Name of the Vulnerable Software and Affected Versions: Google Chrome; affected versions not specified. Description: A flaw exists in the JavaScript engine V8 used by the Google Chrome browser. This issue relates to incorrect security checks during the processing of standard elements. Successful...
CVE-2025-41742
The CVE-2025-41742 entry concerns Sprecher Automations SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3. Affected components are the system’s cryptographic keys, with a root cause described as the use of default cryptographic keys that can be exploited by an unauthorized remote attacker. Consequences s...
ROS-20251124-11
A vulnerability in the Libraries component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity...
EUVD-2025-198066
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
MAL-2025-183671 Malicious code in manu-oi-gisg1 (npm)
Source: amazon-inspector c1552eb8c34c4f3b20aaade8fc8b25211d13be55f2101452766998878853d8db. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koko-poke25 (npm)
Source: amazon-inspector 8c4e0300c13c2602470e67f97910db22e22df755551c6f0583e85e3e50353ba6. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in goodaan-nusafa-nfigasi (npm)
Source: amazon-inspector 2e7ea5af768ec487dee01cd9b642a79c75402088ff9d4b853f3274e0e1540e28. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in modirai-igono-jimafagi (npm)
Source: amazon-inspector 801a74f8a828114439eed682db5964cb55f4f185418efe6f8db3374c669c5a33. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...