SUSE CVE-2014-2027

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the 1 addrfields or 2 trans parameter to addressbook/csvimport.php, 3 calfields or 4 trans parameter to calendar/csvimport.php, 5...

CVE-2026-41689 Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...

Astra Linux - уязвимость в vim

“Buffer over-reading” in the grabfilename function in the GitHub repository’s Vim/Vim version prior to 8.2.4956. This vulnerability could cause the software to crash, lead to memory modifications, and may allow for remote execution...

Debian dsa-6227 : charon-cmd - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6227 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6227-1 [email protected]...

SUSE-SU-2026:1355-1 Security update for rubygem-bundler

This update for rubygem-bundler fixes the following issues: Updated to version 2.2.34. - CVE-2020-36327: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen bsc1185842 - CVE-2021-43809: rubygem-bundler:...

EUVD-2026-10492

SQL Injection CWE-89 in the system configuration module in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux allows remote attackers to execute arbitrary SQL commands and potentially achieve remote code execution via specially crafted SQL requests...

CVE-2026-25055 n8n Arbitrary File Write on Remote Systems via SSH Node

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

📄 Advantech IoTSuite / IoT Edge SQL Injection

A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite / SaaS Composer. The issue resides in the /displays/filename.json endpoint, where the filename parameter is improperly sanitized before being concatenated into a backend PostgreSQL query. An attacker...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.5-2.2.1.AXS4 (AXSA:2012-909:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-909:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2012-0547 Unspecified vulnerability in the Java Runtime Environment JRE...

Arbitrary Code Injection

Overview neuron-core/neuron-ai is a The PHP Agentic Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such in the MySQLSelectTool. A...

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

EUVD-2010-1449

Malware in sbrugna...

EUVD-2017-3350

Malware in sbrugna...

EUVD-2021-31296

Malicious code in bioql PyPI...

EUVD-2022-34391

Malicious code in bioql PyPI...

LB-Link多款产品 安全漏洞

LB-Link BL-AC2100AZ3 and others are a wireless router from China Bilink LB-Link. A security vulnerability exists in various LB-Link products, which originates from an unauthorized command injection in the /goform/setserialcfg interface, which may result in the remote execution of malicious...

Linux Distros Unpatched Vulnerability : CVE-2023-5540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. CVE-2023-5540 Note that Nessus...

PT-2025-22853 · Bitwarden · Bitwarden

Name of the Vulnerable Software and Affected Versions: Bitwarden versions up to 2.25.1 Description: A vulnerability was found in the PDF File Handler component of Bitwarden, leading to cross-site scripting. The attack can be launched remotely, and the exploit has been disclosed to the public. The...

CVE-2022-43550

A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution...

CMS Made Simple < 2.2.15 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...