EUVD-2012-5084

Malware in sbrugna...

CVE-2025-36351

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...

IBM License Metric Tool 访问控制错误漏洞

The IBM License Metric Tool is a free tool from International Business Machines IBM that helps IBM Passport Advantage Software Upgrade and Support Services customers determine their Processor Value Unit PVU licensing needs. An Access Control Error vulnerability exists in IBM License Metric Tool...

CVE-2025-55904

Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service...

CVE-2025-55904

Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service...

CVE-2025-20347 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

Malicious code in kakfa-service-interface-sample (npm)

The package kakfa-service-interface-sample was found to contain malicious code...

MAL-2025-24163 Malicious code in kakfa-service-interface-sample (npm)

The package kakfa-service-interface-sample was found to contain malicious code...

VulnCheck KEV: CVE-2025-34162

An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input i...

CVE-2023-21627

Memory corruption in Trusted Execution Environment while calling service API with invalid address...

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

The vulnerability of the adm_mod_pwd() function in the SSI service of the TRENDnet TEW-821DAP wireless access points allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the admmodpwd function in the SSI microprogramming system of TRENDnet TEW-821DAP wireless access points is related to the escape operation from memory buffers when processing the username parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code or...

CVE-2021-26614

iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command...

PT-2024-6327 · Veeam · Veeam Service Provider Console

Name of the Vulnerable Software and Affected Versions: Veeam Service Provider Console VSPC affected versions not specified Description: A code injection vulnerability allows a low-privileged user with REST API access to remotely upload arbitrary files to the VSPC server, leading to remote code...

PT-2024-3811 · Delinea · Delinea Pam Secret Server

Name of the Vulnerable Software and Affected Versions: Delinea Secret Server versions prior to 11.7.000001 Description: The issue is related to the use of a hardcoded key for encryption in the Delinea Secret Server, allowing a remote attacker to bypass the authentication procedure. This can be...

PT-2024-20543 · Unknown · Casaos-Userservice

Name of the Vulnerable Software and Affected Versions: CasaOS-UserService versions prior to 0.4.7 Description: The issue concerns a path traversal vulnerability in the UserService API, which allows an unauthorized actor to access any file on the system due to insufficient path filtering for user...

WordPress Plugin Maintenance Mode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

VulnCheck KEV: CVE-2022-26833

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

OpenJDK: range check loop optimization issue (8314307)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...