71 matches found
CVE-2026-20223
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...
CVE-2026-41219
Summary of CVE-2026-41219 (BIG-IP qkview): A low-privileged attacker can read sensitive information from a QKView file due to improper sanitization in the BIG-IP qkview utility. Affected branches include BIG-IP Next (SPK/CNF for all, with known vulnerable ranges) and BIG-IP (17.x, 16.x) as shown ...
CVE-2026-32684
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information...
Windows Kernel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...
CVE-2026-33776
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive...
Windmill SQL Injection Vulnerability
Windmill is an open-source low-code development platform from Windmill Labs, Inc. Versions of Windmill from 1.276.0 to 1.603.2 have a SQL injection vulnerability. This vulnerability stems from the owner parameter in the folder ownership management function, which allows for SQL injection attacks. It...
Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS
IBM SECURITY ADVISORY First Issued: Thu Apr 2 15:29:58 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/postgresadvisory.asc Security Bulletin: Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS...
CVE-2026-24310
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...
QNAP Systems File Station 5 Path Traversal Vulnerability
QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5190 contained a path traversal vulnerability. This vulnerability was due to the presence of path traversal vulnerabilities,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003538)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003538 advisory. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg...
CVE-2021-41942
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive information from the database...
CVE-2025-9454
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2025-11797 DWG File Parsing Use-After-Free Vulnerability
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
EUVD-2008-5338
Malware in sbrugna...
EUVD-2025-14530
Malicious code in bioql PyPI...
EUVD-2025-25035
Malicious code in bioql PyPI...
PT-2025-34659 · Dasan · Dasan Gpon Onu H660Wm +1
Name of the Vulnerable Software and Affected Versions: DASAN GPON ONU H660WM H660WMR210825 affected versions not specified Description: DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain...
CVE-2025-51605
An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...
PT-2025-33486 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can trigger an Out-of-Bounds Read issue. A malicious actor can exploit this to cause a crash, read...