PT-2026-49288
Name of the Vulnerable Software and Affected Versions: OpenSIPS Control Panel versions prior to 9.3.3 Description: A Time-Based Blind SQL Injection in the alias management module allows authenticated attackers to execute arbitrary SQL commands. This occurs via the 'table' GET parameter in the 'alia...
CVE-2026-8410
Concrete CMS versions 9.0.0–9.4.9 are vulnerable to Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/dialog/logs/bulk/delete. The issue stems from that specific path and affects versions up to 9.4.9; upgrading to 9.5.0 or later is recommended. The data in connected sources c...
CVE-2026-44556
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While...
CVE-2026-3240
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
CVE-2025-58383
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...
EUVD-2019-13459
Malware in sbrugna...
CVE-2025-30477
Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2024-1721
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update. This issue affects HYPR Passwordless: before 9.1...
Shilpi Client Dashboard Security Vulnerability
Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0, which stems from a lack of limitations on incorrect login attempts for API logins, which could lead to unauthorized access to other user accounts...
AZL-34559 CVE-2023-50387 affecting package bind for versions less than 9.20.0-1
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG...
SUSE CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature)...
Vim Resource Management Error Vulnerability
Vim is a cross-platform text editor. A resource management error vulnerability exists in versions prior to Vim v9.0.2106, which stems from the fact that when a window is closed, vim may attempt to access a window structure that has been freed...
AZL-31041 CVE-2023-5344 affecting package vim for versions less than 9.0.2010-1
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969...
CVE-2023-4661
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9...
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request...
SAP 3D Visual Enterprise Viewer Buffer Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installation as a stand-alone executable program and ActiveX space. A buffer overflow vulnerability...
SAP 3D Visual Enterprise Viewer Buffer Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installation as a stand-alone executable program and ActiveX space. A buffer overflow vulnerability...
SAP 3D Visual Enterprise Viewer Buffer Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installation as a stand-alone executable program and ActiveX space. A buffer overflow vulnerability...
PT-2022-21443 · Puppet +1 · Puppetlabs-Apt +1
Name of the Vulnerable Software and Affected Versions: puppetlabs-apt versions prior to 9.0.0 Description: Command injection is possible in the puppetlabs-apt module. A malicious actor can exploit this issue if they can provide unsanitized input to the module. This condition is rare in most...
UBUNTU-CVE-2022-2874
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224...