28 matches found
CVE-2026-50136
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
EUVD-2020-20827
Malware in sbrugna...
EUVD-2018-17149
Malware in sbrugna...
EUVD-2015-1133
Malware in sbrugna...
EUVD-2011-2981
Malware in sbrugna...
EUVD-2012-2285
Malware in sbrugna...
EUVD-2020-21424
Malware in sbrugna...
EUVD-2007-0480
Malware in sbrugna...
EUVD-2019-15509
Malware in sbrugna...
EUVD-2022-38180
Malicious code in bioql PyPI...
EUVD-2024-3074
Malicious code in bioql PyPI...
CVE-2025-4598 Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...
CVE-2024-20900
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication...
CVE-2022-39308
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...
CVE-2019-5954
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors...
CVE-2013-4967
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes...
CVE-2025-20955
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images...
PT-2025-17337 · Seclore · Seclore
Name of the Vulnerable Software and Affected Versions: Seclore version 3.27.5.0 Description: An issue in the login page of Seclore allows attackers to bypass authentication via a brute force attack. Recommendations: For version 3.27.5.0, consider temporarily restricting access to the login page...
CVE-2025-20940
Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS...
CVE-2025-29988
Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution...