PT-2026-44414

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21 Description The ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

CVE-2026-27700

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter hono/aws-lambda behind an Application Load Balancer ALB, the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

CVE-2026-24398

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

CVE-2025-53880 susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

EUVD-2021-1463

Malware in sbrugna...

EUVD-2016-2301

Malware in sbrugna...

EUVD-2022-25250

Malicious code in bioql PyPI...

EUVD-2022-34787

Malicious code in bioql PyPI...

EUVD-2022-46513

Malicious code in bioql PyPI...

EUVD-2022-29607

Malicious code in bioql PyPI...

CVE-2025-10042

The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Linux Distros Unpatched Vulnerability : CVE-2022-3286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member ...

FreeBSD : Gitlab -- vulnerabilities (7bfe6f39-78be-11f0-9d03-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7bfe6f39-78be-11f0-9d03-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site...

CVE-2025-20285

A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controls...

CVE-2025-49537 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user...

PT-2025-28749 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier ColdFusion versions prior to 2025.3 Description: A reflected Cross-Site Scripting XSS issue affects the software. If an unauthenticated attacker convinces a victim to visit a URL...

SUSE CVE-2024-10306

A vulnerability was found in modproxycluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests

A vulnerability was found in modproxycluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

CVE-2025-22603 AutoGPT SSRF vulnerability

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery SSRF vulnerability inside component or block Send Web Request. The...

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...