CVE-2018-4008

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to roo...

CVE-2019-5322

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08. before 16.08.0009, 16.09. before 16.09.0007 and 16.10. before 16.10.0003...

CVE-2019-2703

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVE-2019-5158

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware versio...

CVE-2019-5161

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges...

CVE-2019-18960

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes...

CVE-2018-1999018

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...

CVE-2018-4017

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability...

CVE-2025-4980 Netgear DGND3700 mini_http currentsetting.htm information disclosure

A vulnerability has been found in Netgear DGND3700 1.1.00.151.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component minihttp. The manipulation leads to information disclosure. The attack can be initiated remotely. The explo...

CVE-2025-4905

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function loadqcpickl of the file basestation3/QC.py. The manipulation of the argument qcfile leads to deserialization. An attack has to be approached locally. The exploit has bee...

CVE-2025-4815

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplierupdate.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The...

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

CVE-2025-4552

A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploi...

MariaDB 10.11.0 < 10.11.12 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.11.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.11.12 advisory. - Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected a...

CVE-2024-58134 Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...

Important: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. CVE-2020-12417 The Mozilla Foundation Security...

CVE-2025-3856

CVE-2025-3856 affects xxyopen Novel-Plus 5.1.0. The vulnerability is in the /book/searchByPage function, where the sort parameter is manipulated to trigger a SQL injection. It can be exploited remotely, and public disclosure exists. Connected documents consistently identify the vulnerable endpoin...

CVE-2025-30711

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments, File Upload. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2025-30727

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: iSurvey Module. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...

CVE-2025-30696

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...