144 matches found
EUVD-2026-29878
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
Kimai security vulnerability
Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.27.0 to 2.54.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any ROLE_USER to create tags with formula strings as names using...
CVE-2026-5753 All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download
The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...
Missing Authorization
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the add.json.php process. An attacker can gain unauthorized control over another user's broadcast schedules and execute rebroadcasts as th...
EUVD-2026-16715
AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking...
CVE-2026-34245 AVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/PlayLists/View/Playlists_schedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless...
CVE-2026-34245
WWBN AVideo is affected by CVE-2026-34245: in versions up to 26.0, the endpoint plugin/PlayLists/View/Playlists_schedules/add.json.php allows any authenticated user with streaming permission to create/modify broadcast schedules for any playlist, regardless of ownership. When a scheduled rebroadca...
FUXA Unauthenticated Remote Arbitrary Scheduler Write
Summary: An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This vulnerability affects FUXA version 1.2.8 through version 1.2.10. This has been patch...
CVE-2025-3653
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...
CVE-2025-3653 Petlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...
RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15718 Proof Of Concep...
EUVD-2020-3568
Malware in sbrugna...
EUVD-2021-26251
Malware in sbrugna...
EUVD-2022-36197
Malicious code in bioql PyPI...
EUVD-2022-35834
Malicious code in bioql PyPI...
EUVD-2022-37604
Malicious code in bioql PyPI...
EUVD-2021-29305
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-2022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting...
Malicious code in vrfi-schedules (npm)
The package vrfi-schedules was found to contain malicious code...