Lucene search

28 matches found

EUVD
added 4 days ago | 8 views

EUVD-2026-38119

Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...

CVSS 6 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/05 12:00 a.m. | 7 views

Arista Networks EOS Security Update (SA0140)

The version of Arista Networks EOS running on the remote device is affected by a vulnerability as referenced in security advisory SA0140. - A user with local eos-admin privileges on affected Arista EOS Extensible Operating System platforms where secure boot is enabled can bypass Secure Boot...

AI score 5.6
Exploits: 0 | References: 2
Snyk
added 2026/06/04 2:55 p.m. | 9 views

Improper Authorization

Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Improper Authorization in the deviceAuthorization plugin. An attacker can gain unauthorized access to a device or deny legitimate user sign-in by submitting ...

CVSS 8.4 | AI score 5.6 | EPSS 0.00017
Exploits: 0 | References: 2
Snyk
added 2026/05/08 5:43 p.m. | 7 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the correctlySpends process. An attacker can bypass output verification by supplying a crafted signature and public key pair, allowing unauthorized transaction validation. Remediation...

CVSS 8.7 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 2
CVE
added 2026/01/21 7:54 p.m. | 14 views

CVE-2025-68140

Summary: CVE-2025-68140 affects EVerest EV charging software stack prior to 2025.9.0, where an unregistered session can be assumed as 0, allowing unauthorized and anonymous indirect emission of MQTT messages and communication with V2G message handlers, potentially updating a session context. Tech...

CVSS 4.3 | AI score 5.4 | EPSS 0.00136
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2026/01/10 6:53 a.m. | 3 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the VerifyBundle function in the verify.go file. An attacker can bypass artifact integrity checks by crafting a bundle that includes any arbitrary Rekor entry, allowing successful...

CVSS 6.8 | AI score 6.9 | EPSS 0.00077
Exploits: 1 | References: 2
CVE
added 2025/12/08 4:57 p.m. | 13 views

CVE-2025-48590

CVE-2025-48590 affects the Android Framework component AppOpsService (verifyAndGetBypass). The issue describes a resource-exhaustion path that could allow a malicious local app to prevent dialing emergency services, causing local DoS without extra privileges or user interaction. Impact is limited...

CVSS 5.5 | AI score 5.5 | EPSS 0.00086
Exploits: 0 | References: 2 | Affected Software: 1
SUSE CVE
added 2025/10/24 11:23 p.m. | 3 views

SUSE CVE-2025-59941

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...

CVSS 6.5 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-0090

Malware in sbrugna...

CVSS 5.3 | AI score 5.4 | EPSS 0.00764
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2021-32739

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.01176
Exploits: 1 | References: 1
RedhatCVE
added 2025/09/30 6:41 p.m. | 11 views

CVE-2025-57197

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the...

CVSS 6 | AI score 6.7 | EPSS 0.00161
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:18 p.m. | 5 views

CVE-2022-37008

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability...

CVSS 7.5 | AI score 7.1 | EPSS 0.00264
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/14 10:23 p.m. | 11 views

CVE-2025-20177

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the...

CVSS 6.7 | AI score 6.8 | EPSS 0.00144
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/09/05 6:07 p.m. | 38 views

Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data

Summary: Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...

CVSS 9.1 | AI score 8.1 | EPSS 0.01587
Exploits: 1 | Affected Software: 1
OSV
added 2024/04/08 9:15 a.m. | 4 views

CVE-2023-52546

Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5 | AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 2
RedhatCVE
added 2023/03/13 6:13 p.m. | 46 views

CVE-2022-2503

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

CVSS 6.9 | AI score 2.7 | EPSS 0.0035
Exploits: 1 | References: 4
OpenVAS
added 2022/12/30 12:00 a.m. | 24 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2906)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.6 | EPSS 0.12746
Exploits: 20 | References: 4
Tenable Nessus
added 2022/12/28 12:00 a.m. | 51 views

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2906)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a...

CVSS 7.8 | AI score 7.4 | EPSS 0.12746
Exploits: 20 | References: 15
OpenVAS
added 2022/10/25 12:00 a.m. | 29 views

SUSE: Security Advisory (SUSE-SU-2022:3704-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 8.3 | EPSS 0.12746
Exploits: 17 | References: 23
Tenable Nessus
added 2022/10/22 12:00 a.m. | 47 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3688-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3688-1 advisory. - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware...

CVSS 7.8 | AI score 7 | EPSS 0.00756
Exploits: 3 | References: 18