CVE-2020-36929

CVE-2020-36929 concerns Brother BRPrint Auditor 3.0.7, which is vulnerable to an unquoted service path in its Windows services BrAuSvc and BRPA_Agent. The underlying issue allows local attackers to inject a malicious executable and escalate privileges on the system. The documented impact is local...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002613 advisory. In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanoutadd from setsockopt and bind on an AFPACKET socket. This issue...

CVE-2018-18198

The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/mediainputfield=XSS request...

CVE-2009-4150

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors...

CVE-2021-33365

Memory leak in the gfisomgetrootod function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file...

CVE-2023-45670

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the config/save and config/set endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server e.g. via...

CVE-2025-69263

CVE-2025-69263 affects the pnpm package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without an integrity hash, enabling a remote server to serve different content on each install. An attacker publishing a package with an HTTP tarba...

CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000213 advisory. The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure partial kernel address disclosure, leading to a KASLR bypass. Specifically, i...

SUSE CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

PT-2026-4845

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.6.2 Description A flaw exists in the pypdf library that allows attackers to trigger an infinite loop by creating a PDF file with cyclic outline references. This requires accessing the outlines or bookmarks within the...

PHPEMS 竞争条件问题漏洞

PHPEMS is a PHP online practice exam system. A Competitive Condition Issue vulnerability exists in PHPEMS version 11.0 and earlier, which stems from a competitive condition in the component Coupon Handler that could lead to a competitive condition attack...

GHSA-263Q-5CV3-XQ9G Gitea allows attackers to add attachments with forbidden file extensions

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...

Advantech WebAccess/SCADA Code Issue Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...

VulnCheck KEV: CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

CVE-2025-66647 RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...

CVE-2024-58303 FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...