
102 matches found

Vulnrichment
added 2026/05/03 10:0 p.m. | 1 views

CVE-2026-7705 JD Cloud JDCOS Service jdcap set_iptv_info command injection

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5 CVSS | 6.3 AI score | 0.01741 EPSS
Exploits 0 | References 4
Vulnrichment
added 2026/04/02 3:6 p.m. | 2 views

CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 0 | References 2
CNNVD
added 2026/03/24 12:0 a.m. | 3 views

D-Link DIR-825 and D-Link DIR-825R OS Command Injection Vulnerability

D-Link DIR-825 and D-Link DIR-825R are products of D-Link Corporation from China. The D-Link DIR-825 is a router, while the D-Link DIR-825R is a wireless router. Both models, D-Link DIR-825 and D-Link DIR-825R, in their version 1.0.5/4.5.1, have a vulnerability related to operating system command...

8.6 CVSS | 7.3 AI score | 0.00368 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/03/11 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-30928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances...

8.7 CVSS | 7.3 AI score | 0.0667 EPSS
Exploits 1 | References 3
OSV
added 2026/03/10 6:18 p.m. | 0 views

UBUNTU-CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

8.7 CVSS | 7.3 AI score | 0.0667 EPSS
Exploits 1 | References 3
OSV
added 2026/03/04 8:33 p.m. | 3 views

GHSA-22M3-C7VP-49FJ IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Impact An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...

8.1 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits 0 | References 7
ATTACKERKB
added 2026/02/16 2:32 p.m. | 2 views

CVE-2026-2561

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function webgetddnsuptime of the file /jdcapi of the component jdcwebrpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit...

6.5 CVSS | 5.2 AI score | 0.00165 EPSS
Exploits 0 | References 4 | Affected Software 1
Positive Technologies
added 2026/02/16 12:0 a.m. | 6 views

PT-2026-8352

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web get ddns uptime of the file /jdcapi of the component jdcweb rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The...

6.5 CVSS | 5.2 AI score | 0.00165 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003031)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003031 advisory. The digiportinit function in drivers/usb/serial/digiacceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...

4.9 CVSS | 6.2 AI score | 0.0016 EPSS
Exploits 2 | References 27
Cvelist
added 2025/10/24 8:24 a.m. | 3 views

CVE-2025-10749 Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

5.4 CVSS | 0.00061 EPSS
Exploits 0 | References 4
OSV
added 2025/10/16 6:30 p.m. | 1 views

GHSA-9RVM-P3QM-F4VV Smidge is vulnerable to Path Traversal

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...

6.3 CVSS | 6.8 AI score | 0.00068 EPSS
Exploits 0 | References 6
CNNVD
added 2025/10/16 12:0 a.m. | 1 views

Smidge Path Traversal Vulnerability

Smidge is a file compression, composition, compression, and management library from the individual developer Shannon Deminick. A path traversal vulnerability exists in Smidge 4.5.1 and earlier versions, which stems from the incorrect manipulation of the parameter Version in the Bundle Handler...

6.5 CVSS | 6.2 AI score | 0.00068 EPSS
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28842

Malicious code in bioql PyPI...

4.8 CVSS | 4.3 AI score | 0.00041 EPSS
Exploits 1 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2021-34630

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00131 EPSS
Exploits 1 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-39403

Malicious code in bioql PyPI...

6.7 CVSS | 6.7 AI score | 0.00141 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/09/08 12:0 a.m. | 2 views

PT-2025-36460

CVE ID: CVE-2025-0003 Published: 2025-03-05T00:00:00.000Z Severity: HIGH 8.8/10 Description SQL injection vulnerability in the reporting module of Business Analytics Suite v4.5.0 allows authenticated users to execute arbitrary SQL commands. Root Cause Improper neutralization of special elements i...

7.3 CVSS | 8.2 AI score | 0.00031 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2025/09/02 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-9386

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function getl2lenprotocol of the file get.c of the component...

5.5 CVSS | 5.4 AI score | 0.00048 EPSS
Exploits 1 | References 3
CNNVD
added 2025/08/29 12:0 a.m. | 3 views

Appneta Tcpreplay Security Vulnerability

Appneta Tcpreplay is an open source network message playback tool from Appneta. A security vulnerability exists in Appneta Tcpreplay version 4.5.1, which originates from a divide-by-zero error in the function calcsleeptime in the file sendpackets.c. The vulnerability is caused by the use of the...

5.5 CVSS | 4.2 AI score | 0.00042 EPSS
Exploits 1 | References 8
OSV
added 2025/08/24 11:15 a.m. | 2 views

CVE-2025-9386

A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function getl2lenprotocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and...

5.5 CVSS | 7 AI score
Exploits 0 | References 5
Cvelist
added 2025/08/24 10:2 a.m. | 9 views

CVE-2025-9384 appneta tcpreplay parse_args.c tcpedit_post_args null pointer dereference

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpeditpostargs of the file /src/tcpedit/parseargs.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...

4.8 CVSS | 0.00041 EPSS
Exploits 1 | References 6