38 matches found
Dräger’s various products have security vulnerabilities
The Dräger Infinity Delta and related monitors are products of the German company Dräger. The Dräger Infinity Delta is a multi-parameter clinical monitor. The Dräger Infinity Kappa is a multi-parameter patient monitor. The Dräger Infinity Delta XL is a high-performance multi-parameter patient monitor...
CVE-2026-9802
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...
OKI sPSV Port Manager Code Issue Vulnerability
OKI sPSV Port Manager is a network printing management tool developed by OKI Corporation in Japan. It supports the configuration of printing ports, device connections, and the management of printing services. Version 1.0.41 of OKI sPSV Port Manager contains a code vulnerability. This vulnerabilit...
K000161027: NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability CVE-2026-42946
Security Advisory Description: A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control...
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore
nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...
PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart
Summary: The upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In deployments that use a supported custom PSITRANSFER_UPLOAD_DIR whose basename prefixes a...
CVE-2026-1471 Caching of authentication context
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...
CVE-2026-20010
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of specific...
GO-2026-4462 Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server
Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...
HPE Aruba Networking Private 5G Core Security Vulnerability
HPE Aruba Networking Private 5G Core is a 5G core component developed by the American company HPE. There is a security vulnerability present in HPE Aruba Networking Private 5G Core, which stems from a flaw in the management API. This vulnerability could allow unverified remote attackers to trigge...
CVE-2019-25288
CVE-2019-25288 concerns Wacom WTabletService version 6.6.7-3, which contains an unquoted service path vulnerability. The issue enables local attackers to execute arbitrary code with elevated privileges by placing a malicious executable in the service path, triggering code execution when the servi...
CVE-2019-25288 Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots...
Cisco Meraki Multiple Vulnerabilities (cisco-sa-snort3-dcerpc-vulns-J9HNF4tH)
According to its self-reported version, the Cisco Meraki device is affected by the following vulnerabilities:
- A vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to...
CVE-2025-20343
Cisco Identity Services Engine (ISE) contains a logic error in RADIUS processing for MAC addresses that are already rejected, which could allow an unauthenticated, remote attacker to cause ISE to restart and trigger a DoS. The vulnerability affects Cisco ISE RADIUS handling and can be exploited b...
Cisco Identity Services Engine (cisco-sa-ise-radsupress-dos-8YF3JThh)
According to its self-reported version, Cisco ISE is affected by a vulnerability:
- A vulnerability in the RADIUS setting "Reject RADIUS requests from clients with repeated failures" on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart...
CVE-2025-60787
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...
EUVD-2018-12324
Malware in sbrugna...
EUVD-2023-38266
Malicious code in bioql PyPI...
CVE-2024-54679
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions...
CVE-2023-39390
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart...