261 matches found
CVE-2025-68436
CVE-2025-68436 affects Craft CMS: versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16. The issue allows authenticated users to potentially expose sensitive assets via their user profile photo through maliciously crafted requests, causing information disclosure. No exploitation details...
EUVD-2025-204707
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
CVE-2025-63386
CVE-2025-63386 affects Dify v1.9.1, specifically the /console/api/setup endpoint. The vulnerability arises from a misconfigured CORS policy that reflects any Origin header and sets Access-Control-Allow-Credentials: true, allowing arbitrary external domains to make authenticated requests. Impact i...
PT-2025-52262
Name of the Vulnerable Software and Affected Versions Dify version 1.9.1 Description A Cross-Origin Resource Sharing CORS misconfiguration exists in the /console/api/setup endpoint. The endpoint has an insecure CORS policy that reflects any Origin header and allows Access-Control-Allow-Credential...
Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities
Overview A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these vulnerabilities in the Tenda N300 series and Tenda 4G03 Pro devices. Description...
PT-2025-47334
Name of the Vulnerable Software and Affected Versions pluginsGLPI Database Inventory Plugin versions prior to 1.0.3 Description The Database Inventory Plugin for pluginsGLPI manages Teclib' inventory agents to inventory databases on workstations. Prior to version 1.0.3, any authenticated user cou...
CVE-2025-34293
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
CVE-2025-34293
GN4 Publishing System before 2.6 is affected by an insecure direct object reference (IDOR) via the API. Authenticated requests to object endpoints allow an authenticated user to query arbitrary user IDs and retrieve sensitive data, including stored passwords and the account’s security question/an...
EUVD-2017-5604
Malware in sbrugna...
EUVD-2020-5835
Malware in sbrugna...
EUVD-2020-5836
Malware in sbrugna...
EUVD-2018-2244
Malware in sbrugna...
EUVD-2017-18725
Malware in sbrugna...
EUVD-2018-18284
Malware in sbrugna...
EUVD-2019-0332
Malware in sbrugna...
EUVD-2021-9091
Malicious code in bioql PyPI...
EUVD-2021-9089
Malicious code in bioql PyPI...
EUVD-2023-58561
Malicious code in bioql PyPI...
EUVD-2022-6454
Malicious code in bioql PyPI...
EUVD-2021-9048
Malicious code in bioql PyPI...