181 matches found
SUSE CVE-2024-21061
unknown...
CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login
Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...
MINI-8X5R-W37Q-WJXR
Bulletin has no description...
CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...
UBUNTU-CVE-2026-25061
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...
PT-2026-4564
C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...
PT-2026-2206
Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description An attacker with a network connection could detect credentials in clear text. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
EUVD-2025-206233
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header of the request to a malicious value. The victim will...
CVE-2025-64424 Colify has command injection vulnerability in project git source
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...
PT-2025-53041
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the iommufd subsystem where the same hardware-assisted page table hwpt could be added to the ioas-hwpt list multiple times. This double addition...
CVE-2025-9977
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
CVE-2025-9977
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
CVE-2025-9977
CVE-2025-9977 affects Times Software E-Payroll. The issue stems from improper sanitization of data in a POST parameter during login, which could let an unauthenticated attacker cause a DoS and may enable SQL injection; command injection attempts have also produced detailed error messages exposing...
CVE-2025-9977 Improper neutralization of input in Times Software E-PAYROLL
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
EUVD-2025-198043
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
PT-2025-47333
Name of the Vulnerable Software and Affected Versions Times Software E-Payroll affected versions not specified Description The application does not properly sanitize data received in POST parameters during the login process, potentially allowing an unauthenticated attacker to perform...
CVE-2025-40067
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already...
Linux Distros Unpatched Vulnerability : CVE-2025-39981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmtpending being freed while still being processed like in the following...
PT-2025-42340
Name of the Vulnerable Software and Affected Versions BIG-IP systems affected versions not specified Description Undisclosed traffic can lead to data corruption and unauthorized data modification in protocols lacking message integrity protection. Software versions that have reached End of Technic...
EUVD-2024-55017
Malicious code in bioql PyPI...