4200 matches found
CVE-2024-36493
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasic functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-52967
An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via HTML injection...
ROS-20250114-03
Vulnerability in the Hash Handler component of the 389-ds-basic package is related to insufficient verification of password hashes. Exploitation of the vulnerability could allow an intruder to cause a denial of service...
PT-2025-2452 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: A stack-based buffer overflow vulnerability exists in the set wifi basic function within the wireless.cgi component. A specially crafted HTTP request can lead to arbitrary command execution. An...
Malicious code in marked-cs (npm)
This package deploys Windows gh0strat malware via VBScript --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82f49714fc5f2d734162fbcc4c7c4552ec6d6e89b81109ba8652c3d057686022 Any computer that has this package installed or running should be considered fully compromised...
Malicious code in just-framework (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95cb11d9c49d15c2a3d932930ab9d4f1567e118bf2ed951ab313856878f88859 Importing the module exfiltrates basic information using DNS queries. There is no other purpose of the package. --- Category: PROBABLYPENTEST - Packages lookin...
MAL-2025-191770 Malicious code in just-framework (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95cb11d9c49d15c2a3d932930ab9d4f1567e118bf2ed951ab313856878f88859 Importing the module exfiltrates basic information using DNS queries. There is no other purpose of the package. --- Category: PROBABLYPENTEST - Packages lookin...
CVE-2024-13291
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing. This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...
CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing. This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...
CVE-2024-13291
CVE-2024-13291 concerns Drupal’s Basic HTTP Authentication module. Affected versions are 7.X-1.0 through 7.X-1.3 (and 7.X-1.0 to 7.X-1.3 per PT-2024-10484) with the issue arising from insufficient authorization, enabling forceful browsing (an access-bypass scenario). The vulnerability is fixed in...
CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing. This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...
Malicious code in walletcore-gen (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
PT-2026-20548
Name of the Vulnerable Software and Affected Versions: Orthanc versions prior to 1.12.10 Description: An authorisation logic flaw exists in the HTTP Basic Authentication implementation of Orthanc. Successful exploitation could lead to privilege escalation, potentially granting full administrative...
AZL-55437 CVE-2024-56717 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic() Packets injected by the CPU should have a SRC_PORT field equal to the CPU port module index in the Analyzer block (ocelot->num_phys_ports). The blamed commit copie...
CVE-2024-4230
External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure,...
CVE-2024-4230
External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure,...
CVE-2024-4230
CVE-2024-4230 affects Edgecross Basic Software for Windows (1.00 and later) and Edgecross Basic Software for Developers (1.00 and later). The root cause is an External Control of File Name or Path vulnerability that could allow a local attacker to execute arbitrary code, with potential for inform...
CVE-2024-4229
Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering...
PT-2024-29839 · Unknown · Edgecross Basic Software For Windows +1
Name of the Vulnerable Software and Affected Versions: Edgecross Basic Software for Windows versions 1.00 and later; Edgecross Basic Software for Developers versions 1.00 and later Description: The issue allows a malicious local attacker to execute arbitrary malicious code, resulting in informatio...
PT-2024-29850 · Unknown · Edgecross Basic Software For Windows +1
Name of the Vulnerable Software and Affected Versions: Edgecross Basic Software for Windows versions 1.00 and later; Edgecross Basic Software for Developers versions 1.00 and later Description: The issue allows a malicious local attacker to execute arbitrary malicious code, resulting in informatio...