14 matches found

Debian CVE
added 2026/04/02 4:44 p.m. | 3 views

CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configuration of % in ssh_config...

CVSS 8.1 | AI score 5.5 | EPSS 0.00034
Exploits: 0

GithubExploit
added 2026/02/05 10:34 p.m. | 112 views

syncbreeze-poc

includes notes and POC's for buffe...

AI score 5.6
Exploits: 0

CBLMariner
added 2026/01/20 9:41 p.m. | 4 views

CVE-2025-12748 affecting package libvirt for versions less than 10.0.0-7

CVE-2025-12748 affecting package libvirt for versions less than 10.0.0-7. A patched version of the package is available...

CVSS 5.5 | AI score 5.5 | EPSS 0.00109
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-24247

Malicious code in bioql PyPI...

CVSS 2.4 | AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/01 4:8 p.m. | 2 views

CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting an attacker perform REST API calls on...

CVSS 7.5 | AI score 6.5 | EPSS 0.00083
Exploits: 0 | References: 1

Cvelist
added 2025/10/01 4:8 p.m. | 5 views

CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting an attacker perform REST API calls on...

CVSS 7.5 | EPSS 0.00083
Exploits: 0 | References: 1

NVD
added 2025/08/12 12:15 p.m. | 2 views

CVE-2025-40570

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 V10.0, SIPROTEC 5 7ST85 CP300 All versions V10.0, SIPROTEC 5 7ST86 CP300 All versions V10.0, SIPROTEC ...

CVSS 2.4 | EPSS 0.0002
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/12 11:17 a.m. | 2 views

CVE-2025-40570

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 V10.0, SIPROTEC 5 7ST85 CP300 All versions V10.0, SIPROTEC 5 7ST86 CP300 All versions V10.0, SIPROTEC ...

CVSS 2.4 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 1

Cvelist
added 2025/08/12 11:17 a.m. | 6 views

CVE-2025-40570

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 V10.0, SIPROTEC 5 7ST85 CP300 All versions V10.0, SIPROTEC 5 7ST86 CP300 All versions V10.0, SIPROTEC ...

CVSS 2.4 | EPSS 0.0002
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:39 a.m. | 6 views

CVE-2023-29095

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin 10.5.5 versions...

CVSS 7.6 | AI score 8 | EPSS 0.00227
Exploits: 0 | References: 1

OSV
added 2025/03/08 11:15 p.m. | 2 views

AZL-58073 CVE-2023-52969 affecting package mariadb for versions less than 10.6.24-1

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2...

CVSS 4.9 | AI score 7 | EPSS 0.00445
Exploits: 0 | References: 1

Patchstack
added 2024/08/05 7:12 a.m. | 3 views

WordPress WP eMember plugin <= 10.7.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions v10.7.0...

CVSS 6.1 | AI score 6 | EPSS 0.00259
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2023/03/15 12:0 a.m. | 2 views

GFI Kerio Connect buffer error vulnerability

GFI Kerio Connect is a mail server and all-in-one collaboration tool from GFI. A security vulnerability exists in GFI Kerio Connect versions prior to 10.0.0 that stems from the presence of a stack-based buffer overflow vulnerability...

CVSS 8.8 | AI score 8.3 | EPSS 0.00425
Exploits: 1 | References: 3

OSV
added 2020/02/11 4:15 p.m. | 1 view

CVE-2019-13941

A vulnerability has been identified in OZW672 All versions V10.00, OZW772 All versions V10.00. Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific...

CVSS 7.5 | AI score 7 | EPSS 0.00469
Exploits: 0 | References: 2