Lucene search

93 matches found

CNNVD
added 2026/03/16 12:0 a.m., 3 views

Vanna Code Issue Vulnerability

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier contained a code vulnerability. This vulnerability stemmed from improper handling of the updatesql/runsql functions in the file src/vanna/legacy/flask/init.py of the component Endpoint. It could lead to...

CVSS 7.5 | AI score 7.2 | EPSS 0.00057
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001476)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001476 advisory. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by t...

CVSS 8.8 | AI score 6.5 | EPSS 0.00066
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/09 8:36 a.m., 8 views

CVE-2020-12030

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway...

CVSS 10 | AI score 6.8 | EPSS 0.00285
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/10 12:0 a.m., 2 views

PT-2025-50298

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.3.0 Description Filament, a collection of full-stack components for accelerated Laravel development, has an issue in how it manages recovery codes for application-based multi-factor authentication. The flaw...

CVSS 8.1 | AI score 6.9 | EPSS 0.00065
Exploits: 0 | References: 7
OSV
added 2025/12/01 12:0 a.m., 3 views

ASB-A-407763772

Bulletin has no description...

AI score 5.7
Exploits: 0
CNNVD
added 2025/11/29 12:0 a.m., 3 views

OrangeHRM Code Issue Vulnerability

OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A code issue vulnerability exists in OrangeHRM versions 5.0 through 5.7, which...

CVSS 8.8 | AI score 6.6 | EPSS 0.00059
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 3: grafana-pcp (TSSA-2024:0101)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0101 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 7.7 | EPSS 0.01379
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0639

Malware in sbrugna...

CVSS 6.5 | AI score 6.1 | EPSS 0.01394
Exploits: 0 | References: 15
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-10392

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.0082
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-7131

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00084
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-48939

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.0115
Exploits: 1 | References: 1
Tenable Nessus
added 2025/09/10 12:0 a.m., 0 views

Linux Distros Unpatched Vulnerability : CVE-2019-2118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no...

CVSS 5.5 | AI score 6.4 | EPSS 0.00017
Exploits: 0 | References: 2
OSV
added 2025/09/09 5:16 p.m., 1 view

CVE-2025-57087

Tenda W30E V16.01.0.19 5037 was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVSS 7.5 | AI score 5.9 | EPSS 0.00122
Exploits: 1 | References: 1
CNVD
added 2025/07/28 12:0 a.m., 1 view

Tenda AC18 Weak Password Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a weak password vulnerability that originates from a code flaw in the /etcro/smb.conf file in the Samba component. No detailed...

CVSS 7.4 | AI score 6.1 | EPSS 0.0026
Exploits: 0 | References: 1
CNNVD
added 2025/07/26 12:0 a.m., 1 view

Tenda AC18 Security Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a weak password vulnerability that originates from a code flaw in the /etcro/smb.conf file in the Samba component. No detailed...

CVSS 7.4 | AI score 7.3 | EPSS 0.0026
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/22 9:23 p.m., 4 views

CVE-2021-29271

remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: LocatorURL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go...

CVSS 6.1 | AI score 6 | EPSS 0.0024
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:49 p.m., 3 views

CVE-2020-12621

The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component...

CVSS 6.1 | AI score 6.8 | EPSS 0.00123
Exploits: 0
RedhatCVE
added 2025/05/22 5:11 p.m., 5 views

CVE-2020-35698

Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting XSS. The impact is: execute arbitrary code remote. The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attac...

CVSS 6.1 | AI score 5.9 | EPSS 0.00106
Exploits: 0
Cvelist
added 2024/12/23 3:17 p.m., 12 views

CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due legacy code

Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due the usage of rzcorecmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...

CVSS 7.8 | EPSS 0.00432
Exploits: 0 | References: 3
CNNVD
added 2024/11/11 12:0 a.m., 2 views

Grand Vice info Webopac Code Issue Vulnerability

Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A code issue vulnerability exists in Grand Vice info Webopac versions 6.x prior to 6.5.1 and 7.x prior to 7.2.3, which stems fr...

CVSS 8.8 | AI score 7.9 | EPSS 0.02056
Exploits: 0 | References: 1