130 matches found
GHSA-WQCR-7RF3-F64M Singularity: Incorrect path matching for 'limit container paths' directive
Impact: The 'limit container paths' directive in singularity.conf is intended to allow a system administrator to limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For exampl...
CVE-2026-42291
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
Dovecot ManageSieve Crash Denial of Service
This Metasploit auxiliary module targets a denial of service vulnerability in the Dovecot ManageSieve service, where improper handling of authentication requests can lead to service crashes. Affects Dovecot CE core 2.4.0-2.4.2 and Dovecot Pro core 3.1.0-3.1.2. Fixed in versions 2.4.3 and 3.1.3...
CVE-2025-64750 Singularity ineffectively applies SELinux / AppArmor LSM process labels
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...
EUVD-2010-4160
Malware in sbrugna...
EUVD-2006-2512
Malware in sbrugna...
EUVD-2019-3557
Malware in sbrugna...
EUVD-2008-1285
Malware in sbrugna...
EUVD-2019-3556
Malware in sbrugna...
EUVD-2006-0510
Malware in sbrugna...
EUVD-2019-15493
Malware in sbrugna...
CVE-2022-30028
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token...
CVE-2010-5150
Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
Unisys UOS20 Professional Edition of Unisys Software Technology Ltd. suffers from a local elevation of privilege vulnerability
Unisys Software Technology Limited Unisys, founded in 2019, is a company that specializes in the research, development and service of operating systems. Unisys Software Technology Limited Unisys UOS20 Professional Edition suffers from a local elevation of privilege vulnerability, which can be...
Wyse Management Suite Improper Access Control Vulnerability (CNVD-2025-26823)
Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. An improper access control vulnerability exists in Wyse Management Suite that stems from incorrect access control. An...
Dell Wyse Management Suite Security Vulnerability
Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. An improper access control vulnerability exists in Wyse Management Suite that stems from incorrect access control. An...
Default credentials
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token...
CVE-2022-30028
Dradis Professional Edition (affected: prior to 4.3.0) is vulnerable to password change via reusing a password reset token in the password reset flow. Root cause: token reuse during reset enables an attacker to set a new password for an account. Impact: unauthorized password change as described i...