CVE-2026-22028

A flaw was found in Preact, a lightweight web development framework. A security regression allows an attacker to bypass JSON serialization protection, leading to HTML injection. This vulnerability arises when applications process unsanitized data from external sources, allowing malicious JSON to ...

CVE-2025-61547

Cross-Site Request Forgery CSRF is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into...

CVE-2025-47339

Memory corruption while deinitializing a HDCP session...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

preact 安全漏洞

preact is a Java library from Preact open source. A security vulnerability exists in preact version 10.26.5, which stems from weakened JSON serialization protection and could lead to HTML injection...

Quantum Secure Biometric Authentication in Decentralised Systems

Biometric authentication has become integral to digital identity systems, particularly in smart cities where it en-ables secure access to services across governance, trans-portation, and public infrastructure. Centralised archi-tectures, though widely used, pose privacy and scalabil-ity challenge...

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure during pnpm install. An attacker can execute arbitrary code by introducing a malicious git-hosted dependency that leverages prepare, prepublish, or prepack scripts during the fetch phase. Remediation Upgrade...

CVE-2025-62327 HCL DevOps Deploy is susceptible to insufficiently protected credentials

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-47339

Memory corruption while deinitializing a HDCP session...

CVE-2019-16059

Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page...

CVE-2019-16722

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...

CVE-2019-12758

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature...

CVE-2019-12752

The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system...

CVE-2019-12239

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access...

CVE-2019-12756

Symantec Endpoint Protection SEP, prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights...

CVE-2019-12502

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...

CVE-2019-12757

Symantec Endpoint Protection SEP, prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition SEP SBE prior to 12.1 RU6 MP10d 12.1.7510.7002, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to...

CVE-2019-12759

Symantec Endpoint Protection Manager SEPM and Symantec Mail Security for MS Exchange SMSMSE, prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicati...

CVE-2022-27609

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it...

CVE-2025-31963

Summary (CVE-2025-31963) : In HCL BigFix IVR version 4.2, the local setup interface component suffers from improper authentication and missing CSRF protection. This allows a local attacker to perform unauthorized configuration changes through unauthenticated administrative configuration requests....