
21 matches found

Nuclei
added 2 days ago · 53 views

Versa Concerto Actuator Endpoint - Authentication Bypass

An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header. Attackers could access restricted endpoints by omitting this header. The issue allowed unauthorized access to sensitive functionality, highlighting...

CVSS 9.2 · AI score 7.5 · EPSS 0.71079
Exploits: 1 · References: 3

RedhatCVE
added 2026/03/26 3:8 p.m. · 1 view

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVSS 5.3 · AI score 5.9 · EPSS 0.00068
Exploits: 0 · References: 1

EUVD
added 2026/03/16 3:30 p.m. · 2 views

EUVD-2026-12307

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVSS 5.3 · AI score 5.9 · EPSS 0.00068
Exploits: 0 · References: 2

Cvelist
added 2026/03/16 4:32 a.m. · 24 views

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVSS 5.3 · EPSS 0.00068
Exploits: 0 · References: 1

Vulnrichment
added 2026/03/16 4:32 a.m. · 2 views

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVSS 5.3 · AI score 5.9 · EPSS 0.00068
Exploits: 0 · References: 1

Positive Technologies
added 2026/03/16 12:0 a.m. · 3 views

PT-2026-25600

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVSS 5.3 · AI score 5.9 · EPSS 0.00068
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-1959

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.00528
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-19627

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00182
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/11 12:0 a.m. · 2 views

PT-2025-32568

Name of the Vulnerable Software and Affected Versions: ABB Aspect, affected versions not specified. Description: A missing authentication issue exists for a critical function in ABB Aspect. This allows unauthorized access to sensitive functionality. Recommendations: At the moment, there is no...

CVSS 8.2 · AI score 6.2 · EPSS 0.00076
Exploits: 0 · References: 5

Veracode
added 2024/05/27 4:20 a.m. · 8 views

Authentication Bypass

silverstripe/framework is vulnerable to Authentication Bypass. This vulnerability is due to a lack of permission check to the DatabaseAdmin of function init on the buildDefaults method of the DevelopmentAdmin class, which allows unauthorized users to access sensitive functionality...

AI score 6.9
Exploits: 0

NVD
added 2024/04/22 3:15 p.m. · 13 views

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context syst...

CVSS 6.1 · AI score 6.9 · EPSS 0.00034
Exploits: 0 · References: 2

CVE
added 2024/04/22 12:0 a.m. · 48 views

CVE-2023-38290

CVE-2023-38290 affects BLU View 2 and Sharp Rouvo V Android devices due to a vulnerable pre-installed com.evenwell.fqc app. The issue: inadequate access control lets local third-party apps execute arbitrary shell commands in the app’s system context without special permissions, enabling actions s...

CVSS 7.8 · AI score 7.3 · EPSS 0.00048
Exploits: 0 · References: 1

CVE
added 2024/04/22 12:0 a.m. · 41 views

CVE-2023-38294

The CVE-2023-38294 issue affects Itel Vision 3 Turbo devices with a pre-installed vulnerable app com.transsion.autotest.factory (versionCode 7, versionName 1.8.0(220310_1027)). The root cause is inadequate access control in this component, enabling local third‑party apps to execute arbitrary shel...

CVSS 6.1 · AI score 7.1 · EPSS 0.00034
Exploits: 0 · References: 2

Vulnrichment
added 2024/04/22 12:0 a.m. · 8 views

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context syst...

AI score 7.2 · EPSS 0.00034
Exploits: 0 · References: 2

Cvelist
added 2024/04/22 12:0 a.m. · 14 views

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context syst...

AI score 7.1 · EPSS 0.00034
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/09 12:0 a.m. · 1 view

PT-2023-24649 · WordPress · Malinky Ajax Pagination/Infinite Scroll

Name of the Vulnerable Software and Affected Versions: Malinky Ajax Pagination and Infinite Scroll plugin versions = 2.0.1. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application tha...

CVSS 8.8 · AI score 8.8 · EPSS 0.0007
Exploits: 0 · References: 4

Positive Technologies
added 2023/09/27 12:0 a.m. · 2 views

PT-2023-26652 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1, gugoan Economizzer commit 3730880 April 2023. Description: The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a...

CVSS 6.5 · AI score 6.3 · EPSS 0.00206
Exploits: 1 · References: 11

Veracode
added 2022/11/04 4:55 a.m. · 20 views

Remote Code Execution

@keystone-6/core is vulnerable to remote code execution. The use of NODE_ENV not in dependencies triggers the security-sensitive functionality in a production build, which makes it vulnerable to NODE_ENV being inlined to development for user code...

CVSS 9.8 · AI score 9.3 · EPSS 0.02127
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2022/11/03 6:14 p.m. · 34 views

@keystone-6/core's NODE_ENV defaults to development with esbuild

Impact: @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV in their own code, not dependencies, to trigger security-sensitive functionality in a production build are vulnerable to NODE_ENV being inlined to "development" for user code. If your dependencies use NODE_ENV to trigger particular...

CVSS 9.8 · AI score 9 · EPSS 0.02127
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2022/11/03 12:0 a.m. · 15 views

CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild

Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...

CVSS 9.8 · AI score 9.8 · EPSS 0.02127
Exploits: 1 · References: 3