UniFi Network Application Path Traversal Vulnerability Assessment Tool

This tool lets you safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557 without causing any disruption. CVE-2026-22557 is an unauthenticated path traversal vulnerability in the UniFi Network Application's guest captive portal that allows remote attackers to...

PT-2026-45486

Name of the Vulnerable Software and Affected Versions praisonai-platform versions prior to 0.1.4 Description A privilege escalation flaw exists in the PraisonAI Platform that allows any workspace member to grant owner-level privileges to arbitrary users. The issue stems from the POST...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from concurrent modifications to user-space buffer areas, leading to memory corruption when processing IOCTL requests with mismatched API versions...

CVE-2026-37233

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eqxappricgenid in src/ric/iApp/xappricid.c compares m0-xappid against itself m0-xappid instead of the other argument m1-xappid, effectively ignoring the xApp identity dimension. A malicio...

PT-2026-45543

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

CVE-2026-10173

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

Open5GS 授权问题漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.6 and earlier contained vulnerabilities related to authorization. These vulnerabilities were caused by an unknown function in the file...

EUVD-2018-21948

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow...

CVE-2026-32847

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

web-application-security-testing-tool

web-application-security-testing-tool A Python-based Web Appli...

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-35671

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

WinMTR 安全漏洞

WinMTR is an open-source network diagnostic tool developed by WinMTR. Version 0.91 of WinMTR contains a security vulnerability, which stems from a buffer overflow. This vulnerability could allow attackers to cause the application to crash by sending malicious load files containing repeated...

Malicious Package

Overview @t-in-one/getapplicationhid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @t-in-one/addapplication is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...