53 matches found

Tenable Nessus
added 2026/04/25 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-31594

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to perform later. This lead...

5.5 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 3

NVD
added 2026/03/23 5:16 p.m. · 0 views

CVE-2026-33501

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user...

5.3 CVSS · 0.00227 EPSS
Exploits 1 · References 3

Positive Technologies
added 2026/03/11 12:0 a.m. · 1 views

PT-2026-24784

🚨 CVE-2026-31877 Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in...

9.8 CVSS · 5.8 AI score · 0.00076 EPSS
Exploits 0 · References 7

RedhatCVE
added 2026/02/07 1:12 p.m. · 3 views

CVE-2026-2017

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

10 CVSS · 8.9 AI score · 0.00081 EPSS
Exploits 1 · References 1

CNNVD
added 2026/02/03 12:0 a.m. · 4 views

Creativeitem Academy LMS Security Vulnerability

Creativeitem Academy LMS is an online learning management system provided by the Bangladeshi company Creativeitem. Version 7.0 of Creativeitem Academy LMS contains a security vulnerability. This vulnerability stems from insufficient validation of the string parameters in the /academy/blogs endpoi...

6.1 CVSS · 5.6 AI score · 0.00053 EPSS
Exploits 1 · References 5

RedhatCVE
added 2026/01/09 9:33 a.m. · 5 views

CVE-2024-41339

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigo...

8.8 CVSS · 7.3 AI score · 0.00215 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-13597

Malware in sbrugna...

4.3 CVSS · 4.7 AI score · 0.00307 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-9390

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00278 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-2652

Malware in sbrugna...

5.4 CVSS · 5.6 AI score · 0.00573 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-6712

Malicious code in bioql PyPI...

4.3 CVSS · 6.3 AI score · 0.00181 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-6015

Malicious code in bioql PyPI...

6.4 CVSS · 6.6 AI score · 0.00169 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 9 views

EUVD-2025-22019

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.0026 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-2691

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.00746 EPSS
Exploits 0 · References 4

CNNVD
added 2025/08/29 12:0 a.m. · 1 views

O2OA Security Vulnerability

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xportalassembledesigner/jaxrs/widget...

5.4 CVSS · 4.4 AI score · 0.00078 EPSS
Exploits 1 · References 7

OSV
added 2025/07/21 8:58 p.m. · 2 views

CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...

7.1 CVSS · 6.4 AI score · 0.00189 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/07/08 12:0 a.m. · 0 views

PT-2025-28306 · Unknown · Hitsz-Ids Airda

Name of the Vulnerable Software and Affected Versions: hitzs-ids airda version 0.0.3 Description: A critical vulnerability exists in the execute function of the /v1/chat/completions file. Manipulation of the question argument results in SQL injection. The attack can be initiated remotely. The...

6.5 CVSS · 6.8 AI score · 0.00127 EPSS
Exploits 0 · References 8

Vulnrichment
added 2025/07/02 2:45 p.m. · 3 views

CVE-2025-53108 HomeBox Missing User Authorization

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item...

5.3 CVSS · 6.8 AI score · 0.00237 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/06/27 12:0 a.m. · 0 views

PT-2025-27148 · Lychee · Lychee

Name of the Vulnerable Software and Affected Versions: Lychee versions prior to 6.6.13 Description: A critical Server-Side Request Forgery (SSRF) issue exists in the "/api/v2/Photo::fromUrl" endpoint, allowing an attacker to instruct the application's backend to make HTTP requests to any URL they...

3 CVSS · 7.1 AI score · 0.0012 EPSS
Exploits 0 · References 6

OSV
added 2025/06/13 3:30 p.m. · 2 views

GHSA-P67J-387G-75WC OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

9.1 CVSS · 7.3 AI score · 0.02161 EPSS
Exploits 1 · References 8

NVD
added 2025/06/04 3:15 a.m. · 11 views

CVE-2025-5552

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...

8.8 CVSS · 0.00237 EPSS
Exploits 1 · References 4