CVE-2026-8097
CVE-2026-8097 affects CodeAstro Online Classroom 1.0. The vulnerability is in unknown code of /askquery.php, where manipulating the squeryx argument enables SQL injection. Exploitation can be performed remotely, and public exploits exist. CVSS-derived metrics in the provided data indicate a MEDIU...
CVE-2026-32573
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through = 8.2.7...
CVE-2017-6261
NVIDIA Vibrante Linux versions 1.1, 2.0, and 2.2 contain a vulnerability in the user space driver in which protection mechanisms are insufficient, which may lead to denial of service or information disclosure...
EUVD-2016-0708
Malware in sbrugna...
BELL-CVE-2025-39914
Bulletin has no description...
XML External Entity (XXE) Injection
Overview: org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. An attacker can access sensitive...
PT-2025-19347 · Rancher +1 · Rancher +1
Name of the Vulnerable Software and Affected Versions: Steve versions prior to v0.2.1; Steve versions prior to v0.3.3; Steve versions prior to v0.4.4; Steve versions prior to v0.5.13. Description: A vulnerability has been identified in Steve where it uses an insecure option by default, not validating...
PT-2025-16337 · Git · Peertube
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: This issue allows an attacker to add playlists to a different user's channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who perform...
PT-2025-14458 · Assetview +1 · Assetview +1
Name of the Vulnerable Software and Affected Versions: AssetView (affected versions not specified); AssetView CLOUD (affected versions not specified). Description: A missing authentication for critical function vulnerability exists in the software. If exploited, a remote unauthenticat...
PT-2025-14411 · Unknown · Pages Order
Name of the Vulnerable Software and Affected Versions: Pages Order versions 1.1.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS in NotFound Pages Order. Recommendations:...
CVE-2025-25175
A vulnerability has been identified in Simcenter Femap V2401 All versions V2401.0003, Simcenter Femap V2406 All versions V2406.0002. The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the...
UUID Attack
github.com/sylabs/sif is vulnerable to UUID attack. The vulnerability is due to insecure randomness in the github.com/satori/go.uuid module, allowing an attacker to predict UUIDs, potentially enabling them to impersonate or manipulate containers...
Kofax Power PDF Security Vulnerability
Kofax Power PDF is a professional PDF editing and management software from Kofax. A security vulnerability exists in Kofax Power PDF that stems from a specific flaw in the parsing of PDF files, which lacks proper validation of the length of user-supplied data prior to copying it into a heap-based...
IBM AIX Security Vulnerability
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines (IBM) for the IBM Power architecture. A command execution vulnerability exists in IBM AIX version 7.3, VIOS version 4.1, which stems from Perl's failure to properly filter construct command special...
The vulnerability of the microprogrammed software of the multi-channel voice recorder EasyLog Web+ BRS-5003 and EasyLog Web+ BRS-800 lies in improper control of code generation, allowing intruders to execute arbitrary commands.
The vulnerability of the microprogrammed software of the multi-channel voice recorder EasyLog Web+ BRS-5003 and EasyLog Web+ BRS-800 is related to incorrect code generation control. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary commands...
The vulnerability of the FSMLabs TimeKeeper software synchronization mechanism, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the FSMLabs TimeKeeper time synchronization software is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
PT-2023-5132 · Microsoft · 3D Builder
Name of the Vulnerable Software and Affected Versions: 3D Builder (affected versions not specified). Description: The issue is related to a buffer overflow in memory when handling GLB files, which can allow an attacker to execute arbitrary code by loading a specially crafted file or link...
The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020 and EcoStruxure Geo SCADA Expert 2019 lies in the lack of protection for operational data, allowing attackers to disclose sensitive information.
The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2019, and EcoStruxure Geo SCADA Expert 2021 lies in the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose th...
Exploit for Use After Free in Microsoft
No d...
SIEMENS LOGO! 8 BM Critical Functions Missing Certification Vulnerability
SIEMENS LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in SIEMENS LOGO! 8 BM, which can be exploited by an attacker who has access to specific services to gain unauthorized full access to all services...