Authorization Bypass
9router is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization handling in the Administrative API endpoint /api, which allows an attacker to bypass access controls and perform unauthorized actions remotely...
CVE-2026-5351
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function addwpsclient of the file /setup.cgi. This manipulation of the argument wlenroleepin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and coul...
CVE-2026-20174
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...
Advisory ROSA-SA-2026-3162
Software: sqlite 3.26.0 OS: ROSA Virtualization 3.1 unaffected versions = sqlite-3.26.0-20.rv31 affected versions sqlite-3.26.0-20.rv31 CVE-ID: CVE-2025-6965 BDU-ID: 2025-08786 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Aggregate Term Handler component of the SQLite database management syst...
CVE-2025-15449
CVE-2025-15449 affects the JavaMall project, specifically the delete function in MinioController.java, where manipulating the objectName argument enables path traversal. This vulnerability can be exploited remotely; affected versions are before 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Multiple c...
EUVD-2008-3781
Malware in sbrugna...
EUVD-2014-4428
Malware in sbrugna...
EUVD-2009-2389
Malware in sbrugna...
Advisory ROSA-SA-2025-2999
software: sqlite 3.41.2 OS: ROSA-CHROME unaffected versions = sqlite-3.41.2-3 affected versions sqlite-3.41.2-3 CVE-ID: CVE-2025-3277 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An integer overflow vulnerability in the SQLite concatws function that could lead to a buffer overflow of up to 4 GB and...
Linux Distros Unpatched Vulnerability : CVE-2011-3018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...
Linux Distros Unpatched Vulnerability : CVE-2016-5633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance...
CVE-2025-22423
In ParseTag of dngifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
A vulnerability in the built-in BOA server (/boafrm/formMultiAPVLAN) of the TOTOLINK X15 router firmware allows an attacker to cause a denial of service.
A vulnerability in the built-in boa server (/boafrm/formMultiAPVLAN) of the TOTOLINK X15 router firmware is caused by an operation going beyond the bounds of a memory buffer when processing the submit-url parameter. Exploiting this vulnerability allows a remote...
CVE-2010-2271
Format string vulnerability in authcfg.cgi in Accoria Web Server aka Rock Web Server 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path aka Password File parameter...
A vulnerability in the sub_422eb8 function in Linksys E8450 Wi-Fi routers allows an attacker to cause a denial of service.
A vulnerability in the sub_422eb8 function of the Linksys E8450 Wi-Fi router firmware is caused by copying a buffer without checking the size of the input data when processing the strcopy parameter. Exploiting this vulnerability can allow an attacker to cause service...
ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) Off-by-One Config Write DoS
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description A vulnerability was identified in a PHP script where an off-by-one...
A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows an attacker to cause a denial of service.
A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to improper cleanup or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
Advisory ROSA-SA-2024-2503
Software: wget 1.19.5 OS: ROSA Virtualization 2.1 packageevrstring: wget-1.19.5-12.rv3 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the userinfo URI component of the GNU Wget download manager is related to insecure behavior in which data that should hav...
PT-2023-8960
Name of the Vulnerable Software and Affected Versions libheif version 1.17.5 Description The issue is related to a segmentation error in the find exif tag function of the libheif decoder and encoder for file formats. Exploitation of this issue could allow a remote attacker to impact the...
A vulnerability in the Fisheye code search and comparison tool and the Crucible code verification tool, related to uncontrolled resource consumption, allows an attacker to cause a denial of service.
A vulnerability in the Fisheye code search and comparison tool and the Crucible code verification tool is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...