40 matches found
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=usersalerts/usersalerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...
ASB-A-435188844
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable
A web page that contains unusual WebGPU content loaded into the GPU GLES render process can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing the graphics workload has system privileges, this could enable subsequent exploit on the...
CVE-2025-68547
Missing Authorization vulnerability in wpweb Follow My Blog Post (follow-my-blog-post) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Follow My Blog Post: from n/a through = 2.4.0...
PT-2025-54348
Name of the Vulnerable Software and Affected Versions: Realbig versions through 1.1.3. Description: An authorization issue exists in Realbig due to incorrectly configured access control security levels. This allows for potential exploitation of the system. Recommendations: Update Realbig to a version...
CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
PT-2025-47196
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0. Description: The software is susceptible to a Cross Site Scripting (XSS) issue. This flaw is located in the between-date-userreport.php script and affects the fromdate and todate parameters...
EUVD-2017-1851
Malware in sbrugna...
EUVD-2018-14503
Malware in sbrugna...
EUVD-2019-18838
Malware in sbrugna...
EUVD-2020-1613
Malware in sbrugna...
EUVD-2019-19162
Malware in sbrugna...
EUVD-2022-4323
Malicious code in bioql PyPI...
EUVD-2023-25168
Malicious code in bioql PyPI...
EUVD-2021-34024
Malicious code in bioql PyPI...
CVE-2023-41875
Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.2.6...
CVE-2023-32585
Missing Authorization vulnerability in totalsoft Portfolio Gallery (gallery-portfolio) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Portfolio Gallery: from n/a through = 1.4.6...
CVE-2024-43157
Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FormCraft: from n/a through 1.2.10...
PT-2024-3023 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to a memory boundary read and can allow an attacker to disclose protected information. There is no information provided about the estimated number of potentially affect...
Microsoft’s December 2023 Patch Tuesday Addresses One Zero-day Vulnerability
Summary: In the December Patch Tuesday release, Microsoft addressed a total of 42 CVEs, including one zero-day vulnerability. Within this range of vulnerabilities, the security update covered the typical spectrum of issues, including RCE flaws, concerns related to privilege escalation, spoofing,...