87 matches found
PT-2026-47175
A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN 0042e200 of the file /cgi-bin/glc of the component SET USER PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version...
PT-2026-47170
A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...
CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE that does not block...
SUSE CVE-2026-34531
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...
Flask-HTTPAuth Authorization Issue Vulnerability
Flask-HTTPAuth is an HTTP authentication extension for the Flask framework developed by Miguel Grinberg. Versions of Flask-HTTPAuth prior to 4.8.1 had an authorization vulnerability. This vulnerability occurred when the client made a request to a resource protected by a token, but did not pass th...
CVE-2026-25887
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...
CVE-2026-25888
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...
CVE-2026-25877
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...
CVE-2026-25888 Chartbrew: Remote Code Execution (RCE) via Vulnerable API
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...
CVE-2026-25888
CVE-2026-25888 affects Chartbrew, an open‑source web application that can connect to databases and APIs to generate charts. A remote code execution vulnerability exists in versions prior to 4.8.1 through a vulnerable API, enabling an attacker with network access and low privileges, with no user i...
CVE-2026-25887 Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...
PT-2026-23635
Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.1. Description: Chartbrew is a web application that connects to databases and APIs to create charts. Before version 4.8.1, authorization checks for chart operations (update, delete, etc.) relied only on the project ...
Ruoyi Security Vulnerability
Ruoyi is a backend management system for Ruoyi Individual Developers. A security vulnerability exists in Ruoyi version 4.8.1, which stems from a departmental privilege being higher than an active user's privilege, which may result in elevated privileges...
EUVD-2021-2213
Malware in sbrugna...
EUVD-2020-25283
Malware in sbrugna...
EUVD-2025-24145
Malicious code in bioql PyPI...
Ruoyi Authorization Issue Vulnerability
Ruoyi is a backend management system for Ruoyi's individual developers. An authorization issue vulnerability exists in Ruoyi version 4.8.1 and prior versions, which stems from an incorrect operation of the parameter userIds in the file /system/role/authUser/selectAll, which may result in improper...
CVE-2025-10473
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in SQL injection. The attack may be launched remotely. The exploit has...