Lucene search
19 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-18400

Malicious code in bioql PyPI...

CVSS 4.9, AI score 6.3, EPSS 0.00201
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-18399

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00323
Exploits: 0, References: 6
RedhatCVE
added 2025/06/18 10:17 p.m., 2 views

CVE-2025-49134

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...

CVSS 5.3, AI score 6.3, EPSS 0.00323
Exploits: 0, References: 1
RedhatCVE
added 2025/06/18 9:2 p.m., 2 views

CVE-2025-47951

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVSS 4.9, AI score 5, EPSS 0.00201
Exploits: 0, References: 1
NVD
added 2025/06/16 9:15 p.m., 4 views

CVE-2025-47951

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVSS 4.9, EPSS 0.00201
Exploits: 0, References: 5
OSV
added 2025/06/16 9:3 p.m., 2 views

CVE-2025-49134 Weblate exposes personal IP address via e-mail

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...

CVSS 2.1, AI score 6.5, EPSS 0.00323
Exploits: 0, References: 6
Vulnrichment
added 2025/06/16 9:3 p.m., 2 views

CVE-2025-49134 Weblate exposes personal IP address via e-mail

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...

CVSS 2.1, AI score 6.3, EPSS 0.00323
Exploits: 0, References: 4
OSV
added 2025/06/16 8:57 p.m., 2 views

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVSS 4.9, AI score 6.5, EPSS 0.00201
Exploits: 0, References: 7
Vulnrichment
added 2025/06/16 8:57 p.m., 1 view

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVSS 4.9, AI score 5, EPSS 0.00201
Exploits: 0, References: 5
Prion
added 2023/10/19 7:15 p.m., 17 views

Cross-site request forgery (CSRF)

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...

CVSS 6.8, AI score 9.1, EPSS 0.00551
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2022/07/31 1:56 p.m., 8 views

GSD-2022-1004279 scsi: ibmvfc: Allocate/free queue resource only during probe/remove

scsi: ibmvfc: Allocate/free queue resource only during probe/remove. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.8 by commit...

AI score 7.2
Exploits: 0
OSV
added 2022/06/28 6:3 p.m., 7 views

GSD-2022-1002630 blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx

blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.4 by commit...

AI score 7.2
Exploits: 0
OSV
added 2021/07/25 9:15 p.m., 0 views

CVE-2021-37451

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= reflected...

CVSS 5.4, AI score 6.1, EPSS 0.00185
Exploits: 1, References: 2
OSV
added 2021/06/25 12:6 a.m., 10 views

UVI-2021-1000794 mptcp: fix sk_forward_memory corruption on retransmission

mptcp: fix sk_forward_memory corruption on retransmission. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...

AI score 7.4
Exploits: 0
OSV
added 2021/05/31 3:39 p.m., 8 views

UVI-2021-1000237 mt76: mt7915: fix memleak when mt7915_unregister_device()

mt76: mt7915: fix memleak when mt7915_unregister_device(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...

AI score 7.2
Exploits: 0
OSV
added 2019/12/26 4:15 p.m., 1 view

CVE-2019-6020

Open redirect vulnerability in PowerCMS 5.12 and earlier PowerCMS 5.x, 4.42 and earlier PowerCMS 4.x, and 3.293 and earlier PowerCMS 3.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL...

CVSS 6.1, AI score 6.2, EPSS 0.0039
Exploits: 0, References: 2
Packet Storm
added 2018/07/23 12:0 a.m., 40 views

Splinterware System Scheduler Pro 5.12 Buffer Overflow

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Splinterware System Scheduler Pro 5.12 - Local Buffer Overflow SEH Date: 07-21-18 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.12 Software Link:...

AI score 0.5
Exploits: 0
securityvulns
added 2014/02/11 12:0 a.m., 57 views

WHMCS Denial of Service Vulnerability

AI score 0.2
Exploits: 0
OpenVAS
added 2011/04/22 12:0 a.m., 31 views

Perl Laundering Security Bypass Vulnerability (Windows)

The host is installed with Perl and is prone to a security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbperlsecbypassvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Perl Laundering Security Bypass Vulnerability Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks GmbH,...

CVSS 5, AI score 6.2, EPSS 0.04202
Exploits: 1, References: 3