12 matches found
CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...
EUVD-2022-35447
Malicious code in bioql PyPI...
CVE-2025-48784
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization...
PT-2024-7516 · Rockwell Automation · Rockwell Automation Thinmanager
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager (affected versions not specified). Description: An authentication issue exists in the affected product, allowing a threat actor with network access to send crafted messages to the device, potentially resulting in...
Diebold Nixdorf Vynamic View Console Code Issue Vulnerability
Diebold Nixdorf Vynamic View Console is a Diebold Nixdorf system that allows remote changes to all PC-based devices via Intel Active Management Technology (AMT) BIOS management. A code issue vulnerability exists in Diebold Nixdorf Vynamic View Console versions prior to 5.9.5 that stems from an...
PT-2023-9106 · D Link · D-Link Dap-2622
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 (affected versions not specified). Description: The issue is related to the lack of authentication for a critical function in the DDP service of the D-Link DAP-2622 wireless access point's firmware. This allows a remote attacker ...
Design/Logic Flaw
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...
PrinterLogic Client Multiple Vulnerabilities (May 3, 2019)
The version of PrinterLogic Client installed on the remote host is affected by the following vulnerabilities: - The PrinterLogic Print Management software does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious,...
The vulnerability of the API component of the Cisco ACI Multi-Site Orchestrator (MSO) allows an attacker to modify the device’s configuration.
The vulnerability of the API component of the Cisco ACI Multi-Site Orchestrator (MSO) is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to modify the device’s configuration remotely...
The vulnerability in the web interface of the Cisco Integrated Management Controller, a software tool for remote administration of servers, allows a malicious individual to make unauthorized changes to the system configuration.
The vulnerability of the web interface for managing Cisco Integrated Management Controllers involves authentication errors. Exploiting this vulnerability allows an attacker to make unauthorized changes to the system configuration remotely...
Router ONO Hitron CDE-30364 - CSRF Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability Date: 14-9-2013 Exploit Author: Matias Mingorance Svensson - matias.msatowasp.org Vendor Homepage:...
Medium: cups
Issue Overview: It was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary...