PT-2026-2794

Name of the Vulnerable Software and Affected Versions Vivotek devices versions 0100a through 012502 Description The affected devices contain an Improper Neutralization of Special Elements used in a Command 'Command Injection' issue. This allows for potential OS Command Injection through the uploa...

MiracleLinux 7 : pam-1.1.8-23.0.1.0.1.el7.AXS7 (AXSA:2025-10203:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10203:02 advisory. CVE-2024-10041: fix possibility of leakage of secret information stored in memory CVE-2024-22365: fix potential DoS via mkfifo because the openat...

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in versions prior to Fickling 0.1.7 that stems from the static analyzer failing to flag high-risk modules, which could lead to bypassing security checks and executing arbitrary...

PT-2026-2229

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe imports method within Fickling’s static analyzer does not identify several high-risk Python modules...

Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling's assessment Fickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report Summary Fickling works by Pickle bytecode -- AST -- Security analysis...

CVE-2025-15035

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤...

CVE-2021-22320

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS...

CVE-2022-38335

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the e-mail template modules...

CVE-2020-7486

VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this...

CVE-2020-7539

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause a denial of service...

CVE-2024-41980

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive...

CVE-2022-0222

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUsBMXP34 versions prior to V3.40, Modicon M340 X80 Ethernet Communication...

CVE-2022-26493

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

CVE-2024-41979

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete acce...

CVE-2025-14625

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows Nios II Command Shell modules, Altera Quartus Prime Lite on Windows Nios II Command Shell modules allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Pri...

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=1.12.0 <=1.20.1), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=1.12.0 <=1.20.1) +912 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.12.0 <=3.20.4)

io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =0.0.1, =0.0.4, =0.0.1, =0.0.1, =0.0.1, =3.15.3, =3.15.3, =0.2.0.0, =0.4.8.0, =0.7.0.2 and more Source cves: CVE-2025-66560 Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-148970...

ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +458 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.28.0.CR1 <=3.30.8)

io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.28.0.CR1, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.7, =0.1.9 and more Source cves: CVE-2025-66560 Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-14897052...

EUVD-2025-206248

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows REST API modules.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10...