CVE-2026-34164

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...

PT-2026-29322

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

PT-2026-29346

Name of the Vulnerable Software and Affected Versions SonicWall Email Security affected versions not specified Description A flaw exists in the SonicWall Email Security appliance related to insufficient input validation. This could result in data corruption, potentially allowing a remote attacker...

CVE-2019-11078

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...

EUVD-2018-13164

Malware in sbrugna...

EUVD-2019-18426

Malware in sbrugna...

EUVD-2019-7720

Malware in sbrugna...

EUVD-2019-19114

Malware in sbrugna...

EUVD-2025-19058

Malicious code in bioql PyPI...

EUVD-2023-25062

Malicious code in bioql PyPI...

EUVD-2022-33503

Malicious code in bioql PyPI...

EUVD-2024-38202

Malicious code in bioql PyPI...

EUVD-2024-41491

Malicious code in bioql PyPI...

EUVD-2022-0104

Malicious code in bioql PyPI...

CVE-2025-47849

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...

CVE-2022-34020

Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...

CVE-2018-10946

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI...

CVE-2019-17307

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user...

CVE-2019-17306

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user...

CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin=add URI, a related issue to CVE-2018-19332...