Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Summary: A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...
PT-2026-20331
Name of the Vulnerable Software and Affected Versions: Pterodactyl Panel versions prior to 1.12.1. Description: A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...
CVE-2025-0980
Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials...
Exploit for CVE-2025-9074
CVE-2025-9074 Docker Container Command Execution Tool A power...
Qualcomm Chipsets Input Validation Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets, which arises from a memory corruption when processing large input data from a communication interface from a remote source...
EUVD-2025-36355
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinkrmtitfaddr function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
Improper Access Control
com.liferay.portal, release.portal.bom is vulnerable to improper access control. The vulnerability is due to the failure to restrict API access before a user changes their initial password, which allows an attacker to remotely access and modify content via the API...
EUVD-2007-3253
Malware in sbrugna...
EUVD-2012-2988
Malware in sbrugna...
EUVD-2012-3004
Malware in sbrugna...
CVE-2025-7388
It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-52545
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
CVE-2025-52545 Privilege escalation in the application services
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
Linux Distros Unpatched Vulnerability : CVE-2025-5067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2017-7153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTun...
Linux Distros Unpatched Vulnerability : CVE-2024-20919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions...
Veeam Backup & Replication Security Vulnerability
Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication 12.2.0.334 and previous 12.X versions, which stems from a vulnerability that allows the exposure of saved credentials by leveraging a combination of method...
DEBIAN-CVE-2024-6999
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Home Assistant Code Issue Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant Companion versions prior to 2023.7, which stems from a Server Request Forgery (SSRF) vulnerability in the component...
CVE-2023-30649
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code...