Lucene search

25 matches found

RedhatCVE
added 2026/01/09 11:58 a.m., 6 views

CVE-2018-19465

Maccms through 8.0 allows XSS via the sitekeywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/systemconfig.html, related to template/paody/html/vodindex.html...

CVSS 6.1, AI score 5.9, EPSS 0.0024
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-10158

Malware in sbrugna...

CVSS 7.8, AI score 7.7, EPSS 0.00066
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-1157

Malware in sbrugna...

CVSS 5.8, AI score 5.1, EPSS 0.00076
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-7245

Malicious code in bioql PyPI...

CVSS 9.9, AI score 9, EPSS 0.03676
Exploits: 0, References: 12

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-19637

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.6, EPSS 0.00275
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-47051

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.2, EPSS 0.00544
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-20845

Malicious code in bioql PyPI...

CVSS 7.9, AI score 7.6, EPSS 0.05756
Exploits: 0, References: 2

The Hacker News
added 2025/08/05 1:1 p.m., 5 views

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing ...

CVSS 7.2, AI score 8, EPSS 0.00774
Exploits: 2

Vulnrichment
added 2025/07/03 4:53 p.m., 3 views

CVE-2025-6072 Stack Buffer Overflow in MQTTCore

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field. Thi...

CVSS 8.2, AI score 6.5, EPSS 0.00368
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:28 p.m., 3 views

CVE-2021-26551

An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module...

CVSS 8.8, AI score 7.4, EPSS 0.00175
Exploits: 3, References: 1

RedhatCVE
added 2025/05/22 3:18 p.m., 4 views

CVE-2020-2106

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...

CVSS 5.4, AI score 5.9, EPSS 0.00195
Exploits: 0

RedhatCVE
added 2025/05/22 4:28 a.m., 3 views

CVE-2019-13923

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for ...

CVSS 9.6, AI score 6, EPSS 0.00416
Exploits: 0, References: 1

Vulnrichment
added 2025/05/16 3:45 p.m., 6 views

CVE-2025-32180 WordPress CSS3 Tooltips for WordPress <= 1.8 - Broken Access Control Vulnerability

Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Tooltips for WordPress: from n/a through 1.8...

CVSS 4.3, AI score 7, EPSS 0.00143
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/05/03 5:59 a.m., 13 views

Security Bulletin: Security vulnerability in Apache Kafka clients affects IBM Business Automation Workflow Case Event Emitters - CVE-2024-31141

Summary: IBM Business Automation Workflow Case Event Emitters package a vulnerable version of Apache Kafka clients. Vulnerability Details: CVEID: CVE-2024-31141. DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apac...

CVSS 6.5, AI score 9.2, EPSS 0.0017
Exploits: 0, Affected Software: 2

Positive Technologies
added 2025/04/15 12:0 a.m., 0 views

PT-2025-29263

Name of the Vulnerable Software and Affected Versions: Gigabyte motherboards (affected versions not specified): Intel® H110; Intel® Z170, H170, B150, Q170; Intel® Z270, H270, B250, Q270; Intel® Z370, B365; Intel® Z390, H310, B360, Q370, C246; Intel® Z490, H470, H410, W480; Intel® Z590, B560, H510, Q570...

CVSS 8.2, AI score 9.3, EPSS 0.00147
Exploits: 0, References: 21

Packet Storm
added 2025/03/10 12:0 a.m., 323 views

VMware vCenter Server 8.0.2 Privilege Escalation

VMware vCenter Server version 8.0.2 proof of concept privilege escalation exploit that leverages a vulnerability from 2024. Title: VMware vCenter Server...

CVSS 7.8, AI score 7.6, EPSS 0.49873
Exploits: 3

Vulnrichment
added 2025/03/07 10:0 p.m., 9 views

CVE-2025-2095 TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has...

CVSS 6.5, AI score 7.8, EPSS 0.02949
Exploits: 1, References: 5

CNVD
added 2024/10/17 12:0 a.m., 7 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41005)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS 4.8, AI score 6.1, EPSS 0.0023
Exploits: 0, References: 1

Cvelist
added 2023/11/14 11:18 p.m., 15 views

CVE-2023-38043

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full...

CVSS 8.8, AI score 7.5, EPSS 0.00331
Exploits: 0, References: 2

Vulnrichment
added 2022/08/05 9:17 p.m., 5 views

CVE-2022-24026

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...

CVSS 9.6, AI score 9.6, EPSS 0.0057
Exploits: 1, References: 1