EUVD-2022-41596

Malicious code in bioql PyPI...

EUVD-2023-52481

Malicious code in bioql PyPI...

EUVD-2023-44151

Malicious code in bioql PyPI...

CVE-2025-52427

The CVE-2025-52427 issue affects QNAP QTS and QuTS hero (QTS 5.2.6.3195 build 20250715 and later; QuTS hero h5.2.6.3195 build 20250715 and later) and is caused by a NULL pointer dereference in the OS. The vulnerability can be triggered by an administrator-level account, enabling a remote attacker...

CVE-2025-48727 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

Linux Distros Unpatched Vulnerability : CVE-2023-28636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrat...

PT-2025-34754 · Teamviewer · Teamviewer

Name of the Vulnerable Software and Affected Versions: TeamViewer versions prior to 15.69 Description: A race condition exists in the directory validation logic within the TeamViewer Full Client and Host on Windows. This allows a local, non-administrator user to create arbitrary files with SYSTEM...

PivotX 3.0.0 RC3 - Remote Code Execution (RCE)

Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN Vendor Homepage: https://github.com/pivotx Software Link: https://github.com/pivotx/PivotX Version: 3.0.0 RC3 Tested on: Debian 11, PHP 7.4 CVE : CVE-2025-52367 Vulnerability Type:...

CVE-2025-4231

Palo Alto Networks PAN-OS is affected by CVE-2025-4231: an authenticated administrative user can execute commands as root via the management Web interface. Exploitation requires network access to the PAN-OS management UI and successful authentication. Cloud NGFW and Prisma Access are not impacted...

CVE-2023-0162

The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-48429

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...

CVE-2023-35786

Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files...

CVE-2023-0279

The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-1425

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins...

CVE-2020-19882

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menudescription' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users...

CVE-2024-12680

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

UBUNTU-CVE-2025-21619

GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18...

PT-2025-9652

Name of the Vulnerable Software and Affected Versions VMware ESXi affected versions not specified Description VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write, leading to an escape of the sandbox...

CVE-2024-1882

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...

CVE-2024-56324

GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External Entity XXE injection on the GoCD server. Theoretically, the XXE vulnerability can result in...