432 matches found
Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
Monsta FTP = 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. id: CVE-2025-34299 info: name: Monsta FTP = 2.11.2 - Unauthenticated Remote Code Execution...
CVE-2026-10886
Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
Exploit for CVE-2026-4885
CVE-2026-4885 Piotnet Addons for Elementor Pro Note: The...
OESA-2026-2262 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" wher...
PT-2026-32225
Name of the Vulnerable Software and Affected Versions TOTOLINK A7000R versions up to 9.1.0u.6115 Description A stack-based buffer overflow exists in the setWiFiEasyGuestCfg function within the '/cgi-bin/cstecgi.cgi' file. This issue is triggered by the manipulation of the ssid5g argument, allowin...
@grackle-ai/powerline Runs Without Authentication by Default
Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...
Exploit for CVE-2026-1522
CVE-2026-1522 Advanced Mass Exploiter...
CVE-2025-1812
A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-1156
A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical. This vulnerability affects unknown code of the file /servlet?act=login. The manipulation of the argument usuario leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-13780
pgAdmin versions up to 9.10 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-13780
pgAdmin versions up to 9.10 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
Exploit for Missing Authentication for Critical Function in Langflow
CVE-2025-3248: Langflow Unauthenticated RCE Vulnerability Scan...
CVE-2025-9552 Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102
Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules:...
EUVD-2017-0918
Malware in sbrugna...
EUVD-2015-1038
Malware in sbrugna...
EUVD-2014-1175
Malware in sbrugna...
EUVD-2006-4076
Malware in sbrugna...
EUVD-2024-47538
Malicious code in bioql PyPI...
EUVD-2023-12360
Malicious code in bioql PyPI...