44 matches found
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
CVE-2026-1726
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1...
PT-2026-34578
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1...
EUVD-2026-23784
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...
EUVD-2026-8517
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...
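Both path traversal entries above come down to one missing check: a name taken from an untrusted source (a request URL in the Spring Cloud Config case, an FTP directory listing in the ADM backup case) is joined to a base directory without confirming the result still lies inside it. The following is an added example of that containment check in Python; it is not code from either project, and the directory listing it filters is constructed for the example. It resolves symlinks that already exist at check time but, like any check-then-write pattern, does not defend against a symlink created between the check and the write.

```python
import os
from urllib.parse import unquote

# Constructed directory listing, as a malicious FTP server (or a MITM rewriting
# the listing) might return it. Only the first and last entries are legitimate.
SAMPLE_LISTING = [
    "photos/2024-01.jpg",
    "../../etc/cron.d/backdoor",
    "..\\..\\etc\\passwd",
    "%2e%2e/%2e%2e/root/.ssh/authorized_keys",
    "/etc/shadow",
    "notes.txt",
]


def safe_join(base_dir, untrusted_name):
    """Return the absolute destination path for untrusted_name under base_dir,
    or None if writing there would escape base_dir.

    Handles '..', backslash separators, absolute paths, percent-encoded dot
    segments and the classic prefix mistake ('/backup' vs '/backup2')."""
    # Decode twice so a double-encoded "%252e%252e" cannot survive one decode,
    # and treat backslashes as separators, as a Windows-side writer would.
    name = unquote(unquote(untrusted_name)).replace("\\", "/")
    if not name or name.startswith("/"):
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    # commonpath, unlike str.startswith, respects directory boundaries:
    # "/tmp/backup2/x" does not share a common path of "/tmp/backup".
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def filter_listing(base_dir, listing):
    """Split a listing into names safe to write under base_dir and names to drop."""
    accepted, rejected = [], []
    for entry in listing:
        if safe_join(base_dir, entry) is None:
            rejected.append(entry)
        else:
            accepted.append(entry)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = filter_listing("/tmp/backup", SAMPLE_LISTING)
    print("accepted:", ok)
    print("rejected:", bad)
```

The same function serves the server-side case: derive `untrusted_name` from the request path and `base_dir` from the repository root, and refuse to serve anything for which it returns None.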
EUVD-2019-18489
Malware in sbrugna...
CVE-2025-40798
A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions, SIMATIC PCS neo V5.0 All versions, SIMATIC PCS neo V6.0 All versions, User Management Component UMC All versions V2.15.1.3. Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This...
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
...
Linux Distros Unpatched Vulnerability : CVE-2023-35133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3,...
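The Moodle entry above is a reminder that a blocked-hosts list is only as good as the normalisation in front of it: 0.0.0.0 is not in any private range, yet connecting to it reaches the local host, and the same address can be written as "0", "[::]" or "::ffff:0.0.0.0". The block below is an added example in Python, not Moodle's code; the block list is constructed in the style of a cURL blocked-hosts setting, and the function names are the example's own. It contrasts a plain string-match check with one that parses every IP literal the socket layer would accept, treats the unspecified address as blocked, and unwraps IPv4-mapped IPv6 addresses before the range check.

```python
import ipaddress
import socket

# Constructed block list in the style of a cURL blocked-hosts setting.
BLOCKED_NETWORKS = [
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7",
]


def naive_is_blocked(host, blocked=BLOCKED_NETWORKS):
    """Weak check: only a literal string compare against the list entries.
    "0.0.0.0", "0", "127.1" and "::ffff:127.0.0.1" all slip through."""
    return host in blocked


def parse_ip_literal(host):
    """Return an ipaddress object for any literal the socket layer would accept
    (dotted quad, shorthand like "127.1", octal/hex octets, a bare integer,
    bracketed IPv6), or None if host is not an IP literal (e.g. a DNS name)."""
    h = host.strip()
    if h.startswith("[") and h.endswith("]"):
        h = h[1:-1]
    try:
        return ipaddress.ip_address(h)
    except ValueError:
        pass
    try:
        packed = socket.inet_aton(h)  # accepts the legacy forms inet_addr() does
    except OSError:
        return None
    return ipaddress.IPv4Address(packed)


def hardened_is_blocked(host, blocked=BLOCKED_NETWORKS):
    """Block list check applied to the address the connection would actually use."""
    ip = parse_ip_literal(host)
    if ip is None:
        # A hostname: resolve it and run this check on every returned address
        # (and pin the connection to the checked address). Not shown here.
        return False
    if ip.is_unspecified:  # 0.0.0.0 and :: connect to the local host
        return True
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 -> 127.0.0.1
    return any(ip in ipaddress.ip_network(n) for n in blocked)


if __name__ == "__main__":
    for probe in ["0.0.0.0", "0", "[::]", "127.1", "2130706433", "::ffff:10.0.0.5"]:
        print(probe, "naive:", naive_is_blocked(probe), "hardened:", hardened_is_blocked(probe))
```

Note that the hostname branch is where most real SSRF bypasses live (DNS rebinding, a name resolving to 0.0.0.0); the literal check only closes the door that this particular entry is about.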
CVE-2019-0332
SAP BusinessObjects Business Intelligence Platform Info View, versions 4.1, 4.2, 4.3, allows an attacker to supply a payload as the search keyword, which is executed when the search runs, resulting in a Cross-Site Scripting (XSS) vulnerability...
WordPress plugin Music Sheet Viewer path traversal vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users set up personal blog sites on servers running PHP and MySQL; a WordPress plugin is an application extension for it. A path traversal...
com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)
org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...
PT-2024-33696 · Ibm · Ibm Security Guardium Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1 Description: The issue allows a remote attacker to obtain sensitive information in cleartext in a communication channel that can be detected by unauthorized...
CVE-2024-45763
Dell Enterprise SONiC OS, versions 4.1.x, 4.2.x, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a...
Dell Enterprise SONiC OS operating system command injection vulnerability
Dell Enterprise SONiC OS (Dell Enterprise SONiC Operating System) is an open-source network operating system from Dell (USA). An operating system command injection vulnerability exists in Dell Enterprise SONiC OS versions 4.1.x and 4.2.x. The vulnerability stems from improper neutralization of...
PT-2024-24402 · WordPress · Geo My Wordpress
Name of the Vulnerable Software and Affected Versions: GEO my WordPress versions n/a through 4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that th...
PT-2024-23476 · Pixelite · Login With Ajax
Name of the Vulnerable Software and Affected Versions: Login With Ajax versions n/a through 4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in Pixelite Login With Ajax. This type of vulnerability allows an attacker to trick a user into performing unintended actions o...
WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Benchmark Email Lite versions = 4.1...
aldryn-django (=4.1.12.0), aolab-aopy (>=0.6.3 <=0.9.3) +20 more potentially affected by CVE-2023-46695 via django (>=4.1.0 <=4.1.12)
django PYPI version =4.1.0, =0.6.3, =1.0.0, =0.0.3, =0.0.1, =0.1.0, =0.2.6, =4.0.0, =2022.6.1, =1.0.0, =1.1.0 and more Source cves: CVE-2023-46695 Source advisory: OSV:PYSEC-2023-222...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to privilege elevation due to [CVE-2023-26604]
Summary systemd is not used directly by IBM App Connect Enterprise Certified Container but is in the images as part of the base operating system. IBM App Connect Enterprise Certified Container operands are vulnerable to privilege elevation. This bulletin provides patch information to address the...