13 matches found
CVE-2026-40263
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...
EUVD-2026-9045
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...
EUVD-2015-1497
Malware in sbrugna...
EUVD-2021-11047
Malware in sbrugna...
EUVD-2024-0079
Malicious code in bioql PyPI...
EUVD-2024-0435
Malicious code in bioql PyPI...
IBM Sterling Connect:Express for Microsoft Windows Security Vulnerability
IBM Sterling Connect:Express for Microsoft Windows is a secure file transfer gateway software from International Business Machines (IBM). A security vulnerability exists in IBM Sterling Connect:Express for Microsoft Windows versions 3.1.0.0 through 3.1.0.22, which stems from an insufficient account...
PT-2025-11206 · Unknown +1 · Sante Pacs Server.Exe +1
Name of the Vulnerable Software and Affected Versions: Sante PACS Server (affected versions not specified). Description: The issue is related to a stack-based buffer overflow in the OpenSSL function EVP_DecryptUpdate, which is called during login to the web server in Sante PACS Server.exe. This...
Elenos ETG150 Security Vulnerability
The Elenos ETG150 is an FM transmitter from Elenos. A security vulnerability exists in the Elenos ETG150 FM Transmitter version v3.12, which stems from a lack of rate limiting and allows an attacker to brute-force user credentials and have other unspecified effects...
Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past activit...
CVE-2019-6964
CVE-2019-6964 involves a heap-based buffer over-read in the function Service_SetParamStringValue of cosa_x_cisco_com_ddns_dml.c within the RDK RDKB-20181217-1 CcspPandM module. The vulnerability arises when processing a DDNS AJAX configuration request containing exactly 64-byte username, password...
Foscam camera lacks multiple login restriction vulnerability
The Foscam camera is a webcam that pushes messages to your phone and also enables video storage in Baidu cloud directly over Wi-Fi. The Foscam camera lacks a restriction on multiple login attempts, a vulnerability that can be exploited by an attacker to perform a strong attack on login credentials since the software...
Visale 1.0 pbpgst.cgi keyval Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17598/info Visale is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...