EUVD-2025-32501
A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation...
CVE-2025-58578 Unlimited user creation by authorized users
A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation...
BIT-MONGODB-2025-7259 Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash
An authorized user can issue queries with duplicate _id fields, which leads to unexpected behavior in MongoDB Server and may result in a crash. This issue can only be triggered by authorized users and can cause denial of service. This issue affects MongoDB Server v8.1 version 8.1.0...
EUVD-2021-28627
Malicious code in bioql PyPI...
EUVD-2023-29160
Malicious code in bioql PyPI...
EUVD-2023-26997
Malicious code in bioql PyPI...
EUVD-2022-6277
Malicious code in bioql PyPI...
EUVD-2023-58406
Malicious code in bioql PyPI...
EUVD-2024-21079
Malicious code in bioql PyPI...
EUVD-2023-37404
Malicious code in bioql PyPI...
EUVD-2023-29159
Malicious code in bioql PyPI...
EUVD-2025-20271
Malicious code in bioql PyPI...
Cache Key Confusion
Next.js is vulnerable to cache key confusion. The vulnerability is due to improper handling of request headers in the Image Optimization API routes, which allows an attacker to receive cached image responses intended for authorized users...
Linux Distros Unpatched Vulnerability : CVE-2021-28054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in Configuration Hosts allows remote authenticated...
Linux Distros Unpatched Vulnerability : CVE-2023-6157
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in ajaxsearch in Checkmk = 2.0.0p39, 2.1.0p37, and 2.2.0p15 allows arbitrary livestatus command executi...
Linux Distros Unpatched Vulnerability : CVE-2025-3082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of underlying data. Th...
Windows Defender Firewall Service Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally...
Linux Distros Unpatched Vulnerability : CVE-2021-3816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group vi...
PT-2025-34367 · Unknown · Mcsmanager
Name of the Vulnerable Software and Affected Versions: MCSManager version 10.5.3 Description: The MCSManager daemon process runs with root privileges by default. Sensitive data, including tokens and terminal content, is stored in a data directory accessible to all users. This allows unauthorized...