22 matches found
Exploit for CVE-2026-9082
CVE-2026-9082 — Drupal PostgreSQL SQL Injection Mass Scanner & E...
CVE-2025-54517
Out of bounds write in AMD AMDGVCMDGETDIAGDATA ioctl handler could allow a local user to escalate privileges via remote code execution...
EUVD-2026-27482
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...
CVE-2026-32306
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...
CVE-2026-20082
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new,...
CVE-2026-25228
Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...
SignalK Server has Path Traversal leading to information disclosure
Summary: A Path Traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The validateAppId function blocks forward slashes (/) but not backslashes (\), which are treated as...
Signal K Server Path Traversal Vulnerability
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.20.3 contained a path traversal vulnerability. This vulnerability stemmed from the applicationData API’s lack of protection against path traversal, which could lead to...
EUVD-2020-8070
Malware in sbrugna...
CVE-2023-53591
CVE-2023-53591 affects the Linux kernel’s mlx5e offload path. The issue is a deadlock in the tc route query code when peer flows are created while holding the devcom rw semaphore. The patch refactors the code for lockless execution by making the devcom data pointer RCU-friendly, wrapping the pair...
CVE-2025-38725
CVE-2025-38725 affects the Linux kernel net: usb: asix_devices driver handling of ax88772 MDIO bus. Without a phy_mask, the driver could create up to 32 MDIO phy devices (addresses 0x00–0x1f). Only one main phy binds to the net phy driver, causing issues during suspend/resume where phy_polling_mo...
kernel: soundwire: cadence: fix invalid PDI offset
In Linux kernel soundwire, an offset is added to the PDI, which leads to an out-of-bounds error...
serialized-data-interface (=0.5.0) potentially affected by CVE-2024-41129 via ops (=2.0.0)
ops PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ops and may be impacted: - serialized-data-interface =0.5.0 Source cves: CVE-2024-41129 Source advisory: OSV:GHSA-HCMV-JMQH-FJGM...
PYSEC-2022-197
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
CVE-2020-16104
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects:...
SQL injection
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects:...
Gallagher Group Command Centre SQL Injection Vulnerability
Gallagher Group Command Centre is a centralized control tool for Gallagher access control systems from Gallagher Group New Zealand. A SQL injection vulnerability exists in Gallagher Group Command Centre, which can be exploited by a remote attacker to execute arbitrary SQL against a third-party...
SQL Injection Vulnerability in EDI CMS ad***_na***.asp Page
ETA CMS is a simple, practical and efficient website builder. A SQL injection vulnerability exists in the adna.asp page of EDA CMS, which can be exploited by attackers to obtain sensitive information from the database...
CA Technologies Client Automation and Workload Automation AE Access Control Error Vulnerability
CA Automic Workload Automation is a suite of workload automation solutions from CA USA. The product includes features such as data-driven event automation, managed file transfer, version control and lifecycle management. An access control error vulnerability exists in CA Common Services DIA in CA...
CVE-2018-0410
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected...