EUVD-2017-1968

Malware in sbrugna...

EUVD-2025-21553

Malicious code in bioql PyPI...

CVE-2025-7504

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...

Microsoft PC Manager Elevation of Privilege Vulnerability (Jul 2025) - Windows

Microsoft PC Manager is prone to an elevation of privilege vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-53169

Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness...

Exploit for PHP Remote File Inclusion in Wpplugins Hide_My_Wp_Ghost

CVE-2025-26909 Vulnerability Scanner A Python-based scanner a...

Adobe Dreamweaver Arbitrary Code Vulnerability (APSB25-35) - Windows

Adobe Dreamweaver is prone to an arbitrary code vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:dreamweaver"...

Microsoft Edge (Chromium-Based) Spoofing Vulnerability (May 2025)

Microsoft Edge Chromium-Based is prone to a spoofing vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Office 2016 RCE Vulnerabilities (KB5002693)

This host is missing an important security update according to Microsoft KB5002693 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Mac OS X

LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Exploit for CVE-2024-4956

CVE-2024-4956 CVE-2024-4956 is a serious path traversal vulne...

Microsoft Office 2016 Multiple Vulnerabilities (KB5002661)

This host is missing an important security update according to Microsoft KB5002661 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

HALO 2.13.1 CORS Issue

Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted Author: nu11secur1ty Date: 03/15/2024 Vendor: https://www.halo.run/ Software: https://github.com/halo-dev/halo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...

GHSA-8RC9-VXJH-QJF2 Vega's validators able to submit duplicate transactions

A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resultin...

Exploit for CVE-2022-44666

Microsoft Windows Contacts VCF/Contact/LDAP syslink control...

First depositer exploit can break share calculation

Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...

CVE-2022-30257

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

CVE-2022-30256

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

CVE-2022-30256

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

Malicious User can Manipulate PreCT Mint Logic with Direct Base Token Transfer

Lines of code Vulnerability details Impact A bad actor can steal funds from future depositors by sending the base token directly to the Strategy or StrategyController contracts. This exploit is more effective the less shares that have already been distributed, perhaps early into the launch of the...