EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.The injected comman...

EUVD-2026-31758

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC2), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC2) +3 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-22739 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-15762281...

GHSA-RVHR-26G4-P2R8 Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

Summary A critical unsafe eval vulnerability in Budibase's view filtering implementation allows any authenticated user including free tier accounts to execute arbitrary JavaScript code on the server. This vulnerability ONLY affects Budibase Cloud SaaS - self-hosted deployments use native CouchDB...

Rapid7 InsightVM 安全漏洞

Rapid7 InsightVM is a vulnerability scanning and management application developed by Rapid7, Inc. Versions of Rapid7 InsightVM prior to 8.34.0 contain security vulnerabilities. These vulnerabilities stem from issues with signature verification at the cloud point of the consumer service. As a...

CVE-2021-33666

When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation...

CVE-2025-59366

The CVE-2025-59366 issue affects AiCloud, with a critical authentication bypass caused by an unintended side effect of Samba functionality. PT-2025-48017 lists affected AiCloud versions prior to 3.0.0.4 386/388/0.6 102 and describes the vulnerability as allowing execution of specific router funct...

VulnCheck KEV: CVE-2024-12912

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

Unspecified Vulnerability in Microsoft Azure (CNVD-2025-24170)

Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. Microsoft Azure has a security vulnerability that can be exploited by an attacker who can elevate privileges...

EUVD-2016-6885

Malware in sbrugna...

EUVD-2021-16438

Malware in sbrugna...

EUVD-2016-7059

Malware in sbrugna...

EUVD-2019-13239

Malware in sbrugna...

EUVD-2020-30454

Malware in sbrugna...

EUVD-2016-6871

Malware in sbrugna...

EUVD-2023-25616

Malicious code in bioql PyPI...

EUVD-2022-7747

Malicious code in bioql PyPI...

yudao-cloud 授权问题漏洞

yudao-cloud is a backend management system for YunaiV individual developers. An authorization issue vulnerability exists in yudao-cloud version 2025.09 and earlier, which stems from improper authorization of the parameter contactId in the file /crm/contact/transfer, which could lead to remote...

CVE-2025-10275 YunaiV yudao-cloud transfer improper authorization

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...