CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS
An attacker can achieve full account takeover and privilege escalation via stored DOM XSS in the backup module's filename field: a crafted SQL file tampers with the stored filename so that it carries a hidden XSS payload...
CVE-2026-2404
A CWE-116 (Improper Encoding or Escaping of Output) vulnerability exists that could cause log injection and forged log entries when an attacker alters the POST /jsecurity check request payload...
DEBIAN-CVE-2026-34155
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...
CVE-2026-34155
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...
UBUNTU-CVE-2026-34155
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...
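The RAUC entries above describe a generic failure mode: a byte count computed in a signed 32-bit integer wraps once the payload passes 2 GiB, so the signature ends up covering less than the whole payload. The Python below is an added illustration of that bug class and of the verifier-side check that catches it. It is not RAUC's code, it does not reproduce RAUC's bundle layout, and it uses a constructed HMAC key in place of the real bundle signature.

```python
import hashlib
import hmac
import struct

# Constructed demo key; HMAC stands in for the bundle's real signature scheme.
DEMO_KEY = b"constructed-demo-key"
GIB = 1 << 30


def size_through_i32(n: int) -> int:
    """Return what a byte count looks like after being stored in a signed 32-bit int.
    Values of 2 GiB and above wrap to negative numbers."""
    return struct.unpack("<i", struct.pack("<I", n & 0xFFFFFFFF))[0]


def buggy_signed_region_length(payload_size: int) -> int:
    """Hypothetical signer that computes the length of the region it signs in
    int32 arithmetic (the bug class in the entry above, not RAUC's actual code)."""
    return size_through_i32(payload_size)


def signature_covers_payload(payload_size: int, covered: int) -> bool:
    """Verifier-side check: the signed region must be positive and exactly the payload."""
    return 0 < covered == payload_size


def sign_prefix(payload: bytes, covered: int) -> bytes:
    """Sign only the first `covered` bytes, as a signer with a wrong length would."""
    return hmac.new(DEMO_KEY, payload[:covered], hashlib.sha256).digest()


def verify(payload: bytes, covered: int, signature: bytes) -> bool:
    """Reject before checking the MAC if the signature does not span the whole payload."""
    if not signature_covers_payload(len(payload), covered):
        return False
    return hmac.compare_digest(sign_prefix(payload, covered), signature)


def demo() -> dict:
    """Show the size wrap, and why partial coverage lets the payload tail be swapped."""
    big = 2 * GIB + 64
    header = b"A" * 64  # constructed 64-byte bundle header stand-in
    good = header + b"rootfs: original image"
    evil = header + b"rootfs: tampered image"
    sig_partial = sign_prefix(good, len(header))  # covers only the header bytes
    return {
        "wrapped_length": buggy_signed_region_length(big),
        "big_bundle_accepted": signature_covers_payload(big, buggy_signed_region_length(big)),
        "tail_swap_same_sig": sign_prefix(evil, len(header)) == sig_partial,
        "tail_swap_rejected": not verify(evil, len(header), sig_partial),
        "full_coverage_ok": verify(good, len(good), sign_prefix(good, len(good))),
    }


if __name__ == "__main__":
    print(demo())
```

The point of `verify` is that the coverage check runs before the MAC comparison: a signature over a prefix is still a valid MAC over that prefix, so a verifier that only checks the MAC accepts any payload with the same prefix.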
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003168)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003168 advisory. A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker having access to the ceph cluster network who is able to alte...
Malicious code in eta-proxy-omicron-theta-sanitize (npm)
Source: amazon-inspector (236c542af2b6ed42542ff27935ed3593b1509125430b4348128a798de5c9fe1d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-11565
CVE-2025-11565 affects Schneider Electric PowerChute Serial Shutdown. A path traversal (CWE-22) vulnerability could allow a Web Admin on the local network to tamper with the POST /REST/UpdateJRE payload, potentially causing elevated system access. The issue is tied to improper limitation of a pat...
Malicious code in citra-martabak25-breki (npm)
Source: amazon-inspector (3d3b3dd049849ca05d1c5398efeda8ba1312cd144dd1ecd07a30fea77540b890). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2020-5977
Malware in sbrugna...
Gitsign Security Vulnerability
Gitsign is a tool from the individual developers of Gitsign that enables keyless signing of Git commits. A security vulnerability exists in Gitsign that stems from the absence of additional validation ensuring that the hash of an entry matches the payload being validated...
CVE-2024-21761
An improper authorization vulnerability (CWE-285) in FortiPortal version 7.2.0 and versions 7.0.6 and below may allow a user to download other organizations' reports via modification of the request payload...
Authentication Bypass
Amendment: This was deemed not a vulnerability. Overview: hawk is a library for the HTTP Hawk Authentication Scheme. Affected versions of this package are vulnerable to authentication bypass. The incoming client-supplied hash of the payload is trusted by the server and not verified before the...
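The hawk entry turns on one check: whether the server recomputes the payload hash carried in the Authorization header or simply trusts it. The Python below is an added illustration of that distinction and is not hawk's code. It follows the Hawk normalized-string layout for the payload hash and header MAC as I understand it (an assumption, not copied from the library), uses a constructed key, and models a body swap by an on-path attacker who holds no key and so cannot mint a new MAC.

```python
import base64
import hashlib
import hmac

# Constructed demo credential; not a real key.
KEY = b"constructed-hawk-demo-key"
CONTENT_TYPE = "text/plain"


def payload_hash(body: bytes, content_type: str) -> str:
    """Hawk payload hash: base64 of sha256 over
    'hawk.1.payload', content type and body, each newline-terminated.
    Layout assumed from the Hawk scheme; not copied from the hawk library."""
    normalized = b"hawk.1.payload\n" + content_type.encode() + b"\n" + body + b"\n"
    return base64.b64encode(hashlib.sha256(normalized).digest()).decode()


def header_mac(ts: int, nonce: str, method: str, resource: str,
               host: str, port: int, phash: str, ext: str = "") -> str:
    """Hawk header MAC over the normalized header string (layout assumed as above).
    Note that the client's payload hash is one of the MAC'd fields."""
    normalized = "\n".join(["hawk.1.header", str(ts), nonce, method.upper(),
                            resource, host.lower(), str(port), phash, ext]) + "\n"
    return base64.b64encode(
        hmac.new(KEY, normalized.encode(), hashlib.sha256).digest()).decode()


def client_request(body: bytes, ts: int = 1700000000, nonce: str = "j4h3g2") -> dict:
    """Legitimate client: hashes the body and MACs the header fields, hash included."""
    req = {"ts": ts, "nonce": nonce, "method": "POST", "resource": "/transfer",
           "host": "api.example.test", "port": 443, "body": body,
           "hash": payload_hash(body, CONTENT_TYPE)}
    req["mac"] = header_mac(ts, nonce, req["method"], req["resource"],
                            req["host"], req["port"], req["hash"])
    return req


def server_checks_mac_only(req: dict) -> bool:
    """Weak server: validates the MAC, which covers the client's hash, but never
    compares that hash against the body that actually arrived."""
    expected = header_mac(req["ts"], req["nonce"], req["method"], req["resource"],
                          req["host"], req["port"], req["hash"])
    return hmac.compare_digest(expected, req["mac"])


def server_checks_mac_and_payload(req: dict) -> bool:
    """Hardened server: MAC first, then recompute the payload hash from the body."""
    if not server_checks_mac_only(req):
        return False
    return hmac.compare_digest(payload_hash(req["body"], CONTENT_TYPE), req["hash"])


def swap_body(req: dict, new_body: bytes) -> dict:
    """On-path attacker without the key: keeps the header, replaces the body."""
    return {**req, "body": new_body}


if __name__ == "__main__":
    legit = client_request(b"amount=10&to=alice")
    forged = swap_body(legit, b"amount=9999&to=mallory")
    print("mac-only server accepts forged body:", server_checks_mac_only(forged))
    print("mac+payload server accepts forged body:", server_checks_mac_and_payload(forged))
```

This is why the record carries the amendment: the header MAC is sound, but the scheme binds the body to the header only if the receiving application also performs the payload-hash comparison, which is a separate step the caller has to invoke.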
CVE-2023-27001
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation...
Egerie Risk Manager Security Vulnerability
Egerie Risk Manager is risk management software from Egerie. A security vulnerability exists in Egerie Risk Manager version v4.0.5 that allows an attacker to bypass the signing mechanism and tamper with the values within the JWT payload, resulting in privilege escalation...
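The CVE-2023-27001 entry and the translated Egerie Risk Manager record above describe the same class of problem: a JWT whose signature is not enforced lets an attacker rewrite the claims in the payload and escalate. The Python below is an added illustration of that class beside the fix; it is not Egerie's code and says nothing about how their product actually failed. It issues HS256 tokens with a constructed secret, shows a verifier that honours the token's own alg header (so alg=none skips the signature) and one that pins the algorithm and checks the signature before trusting any claim.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; not a real credential.
SECRET = b"constructed-jwt-demo-secret"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_hs256(claims: dict) -> str:
    """Server-side issuance: HS256 over header.payload."""
    header = _json_segment({"alg": "HS256", "typ": "JWT"})
    body = _json_segment(claims)
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def forge_alg_none(claims: dict) -> str:
    """Attacker token: header says alg=none, empty signature, arbitrary claims."""
    return f"{_json_segment({'alg': 'none', 'typ': 'JWT'})}.{_json_segment(claims)}."


def reuse_signature(token: str, new_claims: dict) -> str:
    """Attacker token: keep a real header and signature, swap the payload."""
    header, _body, sig = token.split(".")
    return f"{header}.{_json_segment(new_claims)}.{sig}"


def verify_trusting_alg(token: str) -> Optional[dict]:
    """Vulnerable verifier: lets the token choose its algorithm, so a token that
    declares alg=none is accepted with no signature at all."""
    header, body, sig = token.split(".")
    alg = json.loads(b64url_decode(header)).get("alg")
    if alg == "none":
        return json.loads(b64url_decode(body))
    if alg == "HS256":
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig)):
            return json.loads(b64url_decode(body))
    return None


def verify_hs256(token: str) -> Optional[dict]:
    """Hardened verifier: algorithm pinned server-side, signature compared in
    constant time, claims decoded only after the check passes."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    try:
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, UnicodeDecodeError):  # bad base64 or JSON: treat as unsigned
        return None


if __name__ == "__main__":
    good = issue_hs256({"sub": "alice", "role": "user"})
    admin = {"sub": "alice", "role": "admin"}
    print("trusting verifier, alg=none:", verify_trusting_alg(forge_alg_none(admin)))
    print("pinned verifier, alg=none:", verify_hs256(forge_alg_none(admin)))
    print("pinned verifier, swapped payload:", verify_hs256(reuse_signature(good, admin)))
```

The two attacker helpers cover the two ways a payload tamper usually gets through: the verifier accepting an algorithm the server never chose, or the verifier decoding claims without comparing the signature at all. Pinning the algorithm and comparing with `hmac.compare_digest` closes both.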
CVE-2021-21571
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...
Input validation
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...