PT-2026-40773

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Improper certificate validation allows an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative...

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability related to access control. This vulnerability arises from the endpoint POST /user/invited, which does not validate any invitation tokens,...

Ubuntu 25.10 : CRaC JDK 25 vulnerabilities (USN-7996-1)

The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7996-1 advisory. It was discovered that the RMI component of CRaC JDK 25 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...

CVE-2023-45671

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

CVE-2021-41187

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The...

PT-2025-51741

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 2.7.1 Description FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are susceptible to Stored Cross-Site Scripting XSS because of unsafe handling of browser-renderable user uploads...

EUVD-2019-17104

Malware in sbrugna...

EUVD-2024-52201

Malicious code in bioql PyPI...

EUVD-2023-31443

Malicious code in bioql PyPI...

CVE-2025-2183 GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root...

GHSA-WGVP-JJ4W-88HF Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informatio...

PT-2025-27355 · Unknown · Langchain-Chatchat

Name of the Vulnerable Software and Affected Versions: Langchain-Chatchat versions up to 0.3.1 Description: A problematic vulnerability was found in Langchain-Chatchat, affecting unknown code of the file "/v1/files?purpose=assistants". This issue leads to path traversal and can be initiated...

CVE-2025-28073

phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting XSS via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...

PT-2025-19776 · Xinguan · Xinguan

Name of the Vulnerable Software and Affected Versions: Xinguan version 0.0.1-SNAPSHOT Description: The issue is related to incorrect access control in the "/system/user/findUserList" API endpoint, which allows attackers to access sensitive information by sending a crafted payload. Recommendations...

PT-2025-19727 · Shenzhen Sixun · Sixun Shanghui Group Business Management System

Name of the Vulnerable Software and Affected Versions: Shenzhen Sixun Software Sixun Shanghui Group Business Management System version 7 Description: A vulnerability was found in the system, affecting an unknown part of the file "/api/GylOperator/LoadData". The manipulation leads to information...

CVE-2025-22235

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

PT-2025-18053 · Playedu · Playedu

Name of the Vulnerable Software and Affected Versions: playeduxyz PlayEdu versions 1.8 and earlier Description: A problem was found in the processing of the "/api/backend/v1/user/create" file of the User Avatar Handler component. The manipulation of the Avatar argument leads to server-side reques...

CVE-2024-9418

CVE-2024-9418 affects transformeroptimus/superagi v0.0.14, where the API endpoint /api/users/get/{id} returns plaintext user passwords. This flaw enables an attacker to retrieve another user’s password, enabling potential account takeover. Connected reports confirm the issue and the affected comp...

PT-2025-7059 · Unknown · Audiobookshelf

Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions 2.17.0 through 2.19.0 Description: Audiobookshelf is a self-hosted audiobook and podcast server. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in t...

PT-2025-5840 · Douphp · Douphp

Name of the Vulnerable Software and Affected Versions: DouPHP version 1.8 Release 20231203 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in "/admin/article.php" API endpoint. This enables attackers to perform...