CVE-2026-41090

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVE-2026-41090

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

PT-2026-41118

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...

ROS-20260505-73-0046

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

CVE-2026-7611

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

CVE-2026-6635

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function toolcall of the file apps/experimental/toolswebhook/app.py of the component toolswebhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be...

Ubuntu: Security Advisory (USN-8138-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering

Summary The OpenClaw Nostr channel plugin optional, disabled by default, installed separately exposes profile management HTTP endpoints under /api/channels/nostr/:accountId/profile GET/PUT and /api/channels/nostr/:accountId/profile/import POST. In affected versions, these routes were dispatched v...

PT-2026-5381

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization issue exists in the File Operations API Endpoint component of Crafty Controller. A remote, authenticated attacker can exploit this to perform file tampering...

📄 Malwarebytes Anti-Malware 2.x Privilege Escalation

This advisory hosts useful analysis of older research from 2016, when Google's Project Zero discovered multiple security issues in MalwareBytes Anti-Malware version 2.x. The software suffered from a combination of security flaws that allowed attackers to remotely tamper with...

ROS-20251113-06

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

CVE-2025-59280

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network...

Code-Projects Online Event Judging System SQL注入漏洞

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability, which originates from the /reviewsearch.php file not securely filtering the txtsearch parameter. An attacker can exploit this vulnerability to remotely execute...

Linux Distros Unpatched Vulnerability : CVE-2022-4134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual...

CVE-2025-9379

This CVE concerns Belkin AX1800 router (firmware 1.1.00.016) with a vulnerability in the Firmware Update Handler. The issue is insufficient verification of data authenticity, enabling remote exploitation. Multiple connected sources corroborate that the vulnerability can be triggered remotely and ...

PT-2025-34168 · Xuxueli · Xxl-Job

Name of the Vulnerable Software and Affected Versions: Xuxueli xxl-job versions up to 3.1.1 Description: A vulnerability exists in the getJobsByGroup function located in the /src/main/java/com/xxl/job/admin/controller/JobLogController.java file. Manipulation of the jobGroup argument results in...

code-projects Inventory Management System 安全漏洞

Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from a parameter i in the file /orders.php that is not securely filtered. An attacker can exploit this vulnerability by remotely injecting...

CVE-2025-22475

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering...

SUSE CVE-2024-47867

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

DEBIAN-CVE-2023-25950

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...