
29 matches found

Cvelist
added 2026/05/08 1:31 p.m. | 32 views

CVE-2026-43334 Bluetooth: SMP: force responder MITM requirements before building the pairing response

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response. smp_cmd_pairing_req() currently builds the pairing response from the initiator auth_req before enforcing the local BT_SECURITY_HIGH requirement. If th...

CVSS 8.8 | EPSS 0.00252
Exploits 0 | References 8
Gitee
added 2025/11/27 11:48 a.m. | 164 views

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules and tools for exploiting vulnerabilities and conducting penetration testing. The primary...

AI score 8.6
Exploits 0
Cvelist
added 2025/11/07 2:58 a.m. | 24 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

CVSS 10 | EPSS 0.00287
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-2664

Malware in sbrugna...

CVSS 10 | AI score 8.2 | EPSS 0.03633
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-0160

Malware in sbrugna...

CVSS 4.6 | AI score 7.1 | EPSS 0.00484
Exploits 1 | References 18
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-27020

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9 | EPSS 0.00933
Exploits 3 | References 2
Positive Technologies
added 2025/07/23 12:0 a.m. | 3 views

PT-2025-30585 · Unknown · Oscommerce Online Merchant

Name of the Vulnerable Software and Affected Versions: osCommerce Online Merchant version 2.3.4.1 Description: A remote code execution issue exists due to insecure default configuration and missing authentication in the installer workflow. The /install/ directory remains accessible after...

CVSS 9.3 | AI score 7.8 | EPSS 0.0282
Exploits 0 | References 6
RedhatCVE
added 2025/05/23 7:18 a.m. | 6 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...

CVSS 5.4 | AI score 4 | EPSS 0.00406
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 5:1 p.m. | 9 views

CVE-2020-27285

The default configuration of Crimson 3.1 Build versions prior to 3119.001 allows a user to be able to read and modify the database without authentication...

CVSS 9.1 | AI score 6.6 | EPSS 0.00882
Exploits 0
RedhatCVE
added 2025/05/22 3:28 p.m. | 14 views

CVE-2020-29456

Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

CVSS 6.1 | AI score 5.6 | EPSS 0.01527
Exploits 0
F5 Networks
added 2023/02/21 7:52 p.m. | 72 views

K16009: OpenSSH vulnerability CVE-2014-9278

Security Advisory Description The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended...

CVSS 4 | AI score 6.4 | EPSS 0.01833
Exploits 0
Cvelist
added 2021/10/31 6:32 p.m. | 30 views

CVE-2021-33259

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history...

AI score 5.7 | EPSS 0.02193
Exploits 1 | References 4
Cisco
added 2021/08/04 4:0 p.m. | 49 views

Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability...

CVSS 4.3 | AI score 4.9 | EPSS 0.00748
Exploits 0 | References 1
Cvelist
added 2019/10/14 3:1 p.m. | 23 views

CVE-2019-17511

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via logget.php, which could be used to discover the intranet network structure...

AI score 7.7 | EPSS 0.01591
Exploits 1 | References 2
ThreatPost
added 2017/06/29 1:59 p.m. | 33 views

Ubuntu Fixes Linux Systemd Bug

Developers with Canonical pushed out a handful of patches for the Linux-based operating system Ubuntu this week, including one that resolves a bug that could have let an attacker cause a denial of service or execute arbitrary code with a TCP payload. Chris Coulson, a software and electronics...

CVSS 5 | AI score 0.9 | EPSS 0.55116
Exploits 1 | References 8
CISA
added 2016/06/24 12:0 a.m. | 10 views

IRS Announces Safeguards to Protect Taxpayer Information

The Internal Revenue Service (IRS) has issued two news releases addressing new safeguards to protect taxpayers and strengthen authentication requirements. The electronic filing (e-File) PIN, an alternative signature verification tool used to assist with electronic tax filing, will no longer be...

AI score 6.8
Exploits 0 | References 3
BDU FSTEC
added 2015/04/28 12:0 a.m. | 4 views

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the krb5-client package on the SUSE Linux Enterprise operating system can be exploited, leading to a violation of the confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely by a malicious individual who has complet...

CVSS 8.5 | AI score 6.8 | EPSS 0.08085
Exploits 0 | References 2
Tenable Nessus
added 2015/04/24 12:0 a.m. | 33 views

PostgreSQL 9.0 < 9.0.19 / 9.1 < 9.1.15 / 9.2 < 9.2.10 / 9.3 < 9.3.6 / 9.4 < 9.4.1 Multiple Vulnerabilities

Binary data 8727.prm...

CVSS 9.8 | AI score 7.6 | EPSS 0.05533
Exploits 1 | References 12
NVD
added 2014/06/25 11:19 a.m. | 16 views

CVE-2014-2005

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...

CVSS 6.9 | AI score 6.7 | EPSS 0.0051
Exploits 0 | References 4
Cvelist
added 2014/06/25 10:0 a.m. | 24 views

CVE-2014-2005

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...

AI score 6.6 | EPSS 0.0051
Exploits 0 | References 4