111 matches found
SUSE CVE-2024-50102
In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue. It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...
Cisco IOS XE Software Release 3E HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A denial of service (DoS) vulnerability exists in Cisco IOS XE Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed...
PT-2026-27799
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software Release 3E. Description: A flaw exists in the HTTP Server feature that could allow a remote attacker with valid user credentials to cause an unexpected device reload, leading to a denial of service Do...
CVE-2025-40805
CVE-2025-40805 affects Siemens Industrial Edge Devices. The issue is an authentication bypass on specific API endpoints, allowing an unauthenticated remote attacker to learn a legitimate user identity and impersonate that user. Root cause described across sources is improper enforcement of user a...
CVE-2026-0492
CVE-2026-0492 concerns the SAP HANA database. The connected documents describe a privilege-escalation flaw where an attacker with valid credentials of any user can switch to another user and potentially gain administrative access, risking full compromise of confidentiality, integrity, and availab...
CVE-2020-24008
Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
PT-2025-49124
Name of the Vulnerable Software and Affected Versions: Medtronic CareLink Network versions prior to December 4, 2025. Description: An unauthenticated remote attacker can send a request to an API endpoint to obtain security questions. This could potentially reveal valid user accounts. Recommendations...
CVE-2025-41066 Disclosure of sensitive information in Horde Groupware
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...
EUVD-2018-11725
Malware in sbrugna...
EUVD-2020-12754
Malware in sbrugna...
EUVD-2000-1020
Malware in sbrugna...
EUVD-2023-3194
Malicious code in bioql PyPI...
EUVD-2022-4367
Malicious code in bioql PyPI...
EUVD-2024-27185
Malicious code in bioql PyPI...
PT-2025-39669
Name of the Vulnerable Software and Affected Versions: Aranda PassRecovery version 1.0. Description: An issue allows attackers to enumerate valid user accounts in Active Directory. This is achieved by sending a crafted POST request to the /user/existdirectory/1 API endpoint. The POST request allows...
CVE-2025-20312
Cisco IOS XE Software SNMP subsystem vulnerability (CVE-2025-20312) allows authenticated remote attackers to cause DoS by causing a device reload through a crafted SNMP request. Affected: SNMP v1/v2c/v3; exploitation requires a valid read-write or read-only community string (v2c) or valid SNMP us...
CVE-2025-8448
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...
Commvault Parameter Injection Vulnerability
Commvault is a data backup and recovery software from Commvault, Inc. A parameter injection vulnerability exists in versions of Commvault prior to 11.36.60 that stems from insufficient input validation leading to command line parameter injection or manipulation, which could result in a...
Improper Authorization
Overview: Affected versions of this package are vulnerable to Improper Authorization via the toolsUploaderHandler function. An attacker can execute arbitrary code and compromise the integrity, confidentiality, and availability of the system by uploading malicious binaries through an authenticated...
Improper Authorization
Overview: org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Improper Authorization via an incorrect permission check in the token creation process. An attacker can gain elevated privileges by crafting requests to the REST API and creatin...