14 matches found
EUVD-2024-50195
Malicious code in bioql PyPI...
EUVD-2023-54720
Malicious code in bioql PyPI...
EUVD-2023-12334
Malicious code in bioql PyPI...
CVE-2025-45764
jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute ...
CVE-2025-5262
A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 139 and Thunderbird 128.11...
PT-2025-26717
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.5; macOS Sequoia versions prior to 15.5. Description: A flaw allows a website to potentially spoof the domain name displayed in a pop-up window's title bar. This occurs due to improved truncation when displaying the...
You’ve Found a Vulnerability! Now What? A Guide to Responsible Disclosure.
Information security researchers make a valuable contribution to our online security by finding vulnerabilities and facilitating getting them fixed. Wordfence has been finding and disclosing vulnerabilities in WordPress core, WordPress plugins, and WordPress themes since 2011. Our research has...
Schneider Electric Modicon M580 UMAS function code 0x28 denial-of-service vulnerability
Summary: An exploitable denial-of-service vulnerability exists in the UMAS function code 0x28 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...
Node.js: Pull Request #12949 - Security Implications without CVE assignment
Summary: Pull Request 12949 has security implications but it was not assigned a CVE by the Node team. It is being reported by Qualys as a 6.8 severity issue without a CVE. Description: Here is the commit and pull request - https://github.com/nodejs/node/commit/010f864426...
TP-Link TL-WR841N V13 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Vulnerability: Cross-Site Request Forgery Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Patched Version: None Overview The web interface of the router is vulnerable to CSRF. An...
DlxSpot Shell Upload
Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...
Relevanssi Premium 1.14.4 Code Execution Vulnerability
An unserialization vulnerability in Relevanssi Premium version 1.14.4 could allow for code execution. Details ================ Software: Relevanssi Premium Version: v1.14.4 Homepage: https://www.relevanssi.com/ Advisory report:...
Airmail 3.0.2 Cross Site Scripting
Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X and iOS Site: http://airmailapp.com/...
ownCloud 6.0.0a - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author:...