CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

CVE-2026-39911

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained security vulnerabilities. These vulnerabilities were due to authentication bypass vulnerabilities, which could allow...

CVE-2026-23754

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...

CVE-2020-7514

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

CVE-2026-22535

An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured unencrypted MQTT communications protocol, write on the server topics of the board that controls the MQTT communications...

CVE-2019-12389

Anviz access control devices expose credentials names and passwords by allowing remote attackers to query this information without credentials via port tcp/5010...

CVE-2025-59923

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

Siemens RUGGEDCOM ROS Devices Protection Mechanism Failure (CVE-2025-41224)

The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to...

EUVD-2017-10511

Malware in sbrugna...

EUVD-2019-13359

Malware in sbrugna...

EUVD-2021-14410

Malware in sbrugna...

EUVD-2018-1291

Malware in sbrugna...

EUVD-2009-4744

Malware in sbrugna...

EUVD-2000-0026

Malware in sbrugna...

YoSmart YoLink Smart Hub 安全漏洞

YoSmart YoLink Smart Hub is a smart home hub device from YoSmart USA. A security vulnerability exists in YoSmart YoLink Smart Hub version 0382, which stems from unencrypted firmware and could lead to the disclosure of network access credentials...

EUVD-2022-53446

Malicious code in bioql PyPI...

EUVD-2024-33431

Malicious code in bioql PyPI...

EUVD-2025-21644

Malicious code in bioql PyPI...