14 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in state-changing routes. An attacker can upload or delete files, create directories, and remove access control policies by sending unauthenticated requests to endpoints such as...
CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...
The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR
By Maulik Maheta and Chao Sun · December 17, 2025. Executive summary: DCShadow is a covert post-exploitation technique that enables an attacker to impersonate a domain controller and make unauthorized,...
EUVD-2019-4972
Malware in sbrugna...
EUVD-2023-46285
Malicious code in bioql PyPI...
PT-2024-8687
Name of the Vulnerable Software and Affected Versions: LibreNMS (affected versions not specified). Description: The issue is related to the LibreNMS network monitoring system and concerns the lack of measures to neutralize special elements, which can be exploited by a remote attacker to execute...
Untrusted Search Path
Overview: Affected versions of this package are vulnerable to Untrusted Search Path due to the use of an unprotected C:\Windows\Temp directory to copy and execute binaries. When a bundle runs as the SYSTEM user, it uses GetTempPathW which points to this insecure directory to drop and load multiple...
CVE-2023-41793
Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through 776...
Artica Pandora FMS Path Traversal Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A path traversal vulnerability exists in Artica Pandora FMS versions 700 through 776 that could allow an attacker to chang...
CVE-2019-13517
In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account...
Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22664/info Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker may leverage this issue to gain access to potentially sensitive information about user permissions and accessed files...
openSUSE Security Update : icinga nagios-rpm-macros (openSUSE-SU-2012:1123-1)
This update fixes the following issues for icinga and nagios-rpm-macros: icinga: reverted icinga home directory change; added missing dependency to the new recurring downtimes plugin; added a new package which provides the recurring downtimes scripts from contrib...
Microsoft Windows XP2003 - ReadDirectoryChangesW Information Disclosure
source: https://www.securityfocus.com/bid/22664/info Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker may leverage this issue to gain access to potentially sensitive information...
Cisco VPN 3000 Concentrator <= 4.1.7, 4.7.2 (FTP) Remote Exploit
No description provided by source. Cisco VPN Concentrator 3000 FTP remote exploit: A vulnerability exists in the Cisco VPN Concentrator 3000, an unauthenticated user may access the file system through manipulation of FTP service commands. An...