EUVD-2026-14408

A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires ...

EUVD-2023-12703

Malicious code in bioql PyPI...

EUVD-2024-16146

Malicious code in bioql PyPI...

EUVD-2023-58701

Malicious code in bioql PyPI...

EUVD-2024-47214

Malicious code in bioql PyPI...

EUVD-2025-7264

Malicious code in bioql PyPI...

EUVD-2025-15641

Malicious code in bioql PyPI...

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-1123)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1123 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The...

CVE-2025-5149

CVE-2025-5149 affects WCMS up to version 8.3.11, specifically the Login component’s getMemberByUid function in /index.php?articleadmin/getallcon. The vulnerability stems from manipulating the uid parameter, causing improper authentication. Attacks can be launched remotely with high attack complex...

CVE-2024-9358

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is...

CVE-2024-1748

A vulnerability classified as critical was found in vanderSchaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function loadmodelfromfile of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack ...

CVE-2024-9554

A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function CheckETCheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can...

CVE-2014-125057

A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument token leads to incorrect comparison. It is possible to initiate the attack...

CVE-2025-4894

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function genrsakeys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated...

CVE-2025-4272

A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation...

CVE-2025-3177 FastCMS JWT hard-coded key

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

利用条件 + DefaultServlet 写入功能启用：需在 web.xml 中配置 readonly=false...

CVE-2025-1181

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function bfdelfgcmarkrsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather...

CVE-2025-1176

A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function bfdelfgcmarkrsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather...

CVE-2024-4596

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...