PT-2026-50782
Name of the Vulnerable Software and Affected Versions pam_usb versions prior to 0.9.2 Description pam_usb provides hardware authentication for Linux using removable media. The software calls the xmlReadFile function with flags=0 when loading the configuration file, which allows libxml2 to process...
CVE-2026-40996: Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-15) encrypted key material unless operators explicitly reconfigured the flag,...
CVE-2024-27890
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...
PT-2026-45701
Name of the Vulnerable Software and Affected Versions OpenShift affected versions not specified Description The Route OpenShift resource enables pods to be reachable at a subdomain via HAProxy. Insufficient validation of the spec.path YAML stanza in a Route document allows for controlled injectio...
PT-2026-40726
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The endpoint "/api/tag/getTag" is registered using only the model.CheckAuth middleware, missing the model.CheckAdminRole and model.CheckReadonly checks. This allows any authenticated user, including...
CVE-2026-23819
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...
EUVD-2026-17961
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...
EUVD-2026-17877
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...
CVE-2025-66001 NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks...
GHSA-XMQ3-Q5PM-RP26 Nuxt DevTools vulnerable to cross-site scripting (XSS)
A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...
EUVD-2008-6982
Malware in sbrugna...
EUVD-2018-2955
Malware in sbrugna...
EUVD-2020-17919
Malware in sbrugna...
EUVD-2000-0855
Malware in sbrugna...
EUVD-2007-1181
Malware in sbrugna...
PT-2025-40984
Name of the Vulnerable Software and Affected Versions versions prior to 2025-3719 Description An access control issue exists in the Command Line Interface (CLI) functionality. A specific access restriction is not properly enforced for users with limited privileges. This allows an authenticated user...
EUVD-2024-49621
Malicious code in bioql PyPI...
EUVD-2021-9818
Malicious code in bioql PyPI...
EUVD-2022-3983
Malicious code in bioql PyPI...
EUVD-2022-34349
Malicious code in bioql PyPI...