CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

EUVD-2020-6289

Malware in sbrugna...

EUVD-2020-6276

Malware in sbrugna...

EUVD-2020-5456

Malware in sbrugna...

EUVD-2025-16309

Malicious code in bioql PyPI...

EUVD-2022-50655

Malicious code in bioql PyPI...

CVE-2025-32440

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVE-2025-32440

CVE-2025-32440 affects NetAlertX before version 25.4.14. An authentication bypass allows updating settings without authentication by crafting requests to /index.php, enabling exploitation of sensitive functions in util.php. The issue is confirmed as patched in version 25.4.14. Impact is described...

CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

PT-2025-23041 · Netalertx · Netalertx

Name of the Vulnerable Software and Affected Versions: NetAlertX version 25.4.13 and earlier Description: NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without...

CVE-2020-14130

Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...

PT-2024-24857 · Elementor · The Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Pack Elementor addons versions 2.0.8.3 and earlier Description: A Cross-Site Request Forgery CSRF issue in The Pack Elementor addons allows for Cross-Site Scripting XSS. This means an attacker could potentially trick a user into performin...

LDAP Injection

Apache Derby is vulnerable to LDAP Injection. The vulnerability is due to improper input validation in the username field which can be used to bypass authentication checks. This can be exploited by an attacker by injecting malicious usernames, and as a result fill up the disk by creating junk Der...

Registered wallet and sub account cannot be removed

Lines of code Vulnerability details Impact Registered wallet and sub account cannot be removed Proof of Concept In WalletRegistry, the wallet can be registered by calling registerWallet the sub account can be registered as well by calling registerSubAccount However, once registered, the wallet or...

PT-2023-27591 · 大侠Wp · Dx-Auto-Save-Images

Name of the Vulnerable Software and Affected Versions: 大侠wp DX-auto-save-images plugin versions 1.4.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the use...

No access control on protocolCmd and userCmd; potential for abuse.

Lines of code Vulnerability details Impact There is no access control on the protocolCmd and userCmd functions in LiquidityMiningPath. This means anyone can call them. There should be some checks to restrict access. The protocolCmd and userCmd functions are defined on LiquidityMiningPath.sol: /...

INCORRECT ACCESS CONTROL

Lines of code https...

INCORRECT ACCESS CONTROL

Lines of code Vulnerability details Impact Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of...