1487 matches found
CVE-2019-7341
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor (monitor.php) because proper filtration is omitted...
CVE-2019-7330
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted...
CVE-2019-7339
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted...
GHSA-2VGG-9H6W-M454 vulnerabilities
Vulnerabilities for packages: argo-cd...
GHSA-QJ89-GQXQ-9F84 vulnerabilities
Vulnerabilities for packages: mysql...
GHSA-9MVJ-F7W8-PVH2 vulnerabilities
Vulnerabilities for packages: jupyter-base-notebook, rancher-api-ui...
EUVD-2026-1027
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...
GHSA-MG98-J5Q2-674W
creationtimestamp | type | source
---|---|---
2026-01-06 05:03:26+00:00 | published-proof-of-concept | Telegram/831nHCRtL2evt5rniei0FJReQqtzOwaiGXzkQTpqhGeUo2I...
GHSA-WCJ4-JW5J-44WH vulnerabilities
Vulnerabilities for packages: localstack, authentik, py3-vllm-cuda-12.4, tritonserver-backend-vllm-cuda-12.9, authentik-fips...
EUVD-2026-0110
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0204
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0321
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0549
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0700
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in SQL injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early...
EUVD-2025-205696
DVP-12SE11T - Authentication Bypass via Partial Password Disclosure...
GHSA-X44P-GVRJ-PJ2R vulnerabilities
Vulnerabilities for packages: apache-nifi...
CVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...
EUVD-2025-205313
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...
EUVD-2025-205119
In the Linux kernel, the following vulnerability has been resolved: opp: Fix use-after-free in lazy_opp_tables after probe deferral. When dev_pm_opp_of_find_icc_paths in _allocate_opp_table returns -EPROBE_DEFER, the opp_table is freed again, to wait until all the interconnect paths are available. However, if...
GHSA-HM5P-X4RQ-38W4
creationtimestamp | type | source
---|---|---
2025-12-23 23:11:23+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115771407249317251
2026-01-07 20:04:13+00:00 | published-proof-of-concept | Telegram/shQsG5TFmMrzus3uWOqA-vjUO4oHdrJHZ6Xu7ifps-tm5s...