3780 matches found

RedhatCVE
added 2026/01/09 9:0 a.m., 3 views

CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

8.8 CVSS, 6.8 AI score, 0.0016 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:56 a.m., 12 views

CVE-2023-40718

An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets...

7.5 CVSS, 6.7 AI score, 0.00418 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:49 a.m., 6 views

CVE-2016-10394

Initial xblsec revision does not have all the debug policy features and critical checks...

8.4 CVSS, 7.7 AI score, 0.00096 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/01/09 12:0 a.m., 3 views

PT-2026-1715

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.5 through 18.5.4; GitLab EE versions 18.6 through 18.6.2; GitLab EE versions 18.7 through 18.7.0. Description: An authenticated user could modify instance-wide AI feature provider settings due to missing authorization checks ...

6.5 CVSS, 6.4 AI score, 0.00406 EPSS
Exploits: 0, References: 7

Japan Vulnerability Notes
added 2026/01/07 5:10 a.m., 5 views

Multiple vulnerabilities in multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd.

Overview: Multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd. contain multiple vulnerabilities listed below. Path traversal: CWE-22, CVE-2025-11540. Stack-based buffer overflow: CWE-121, CVE-2025-11541, CVE-2025-11542. Improper validation of integrity check value: CWE-354,...

9.8 CVSS, 7.7 AI score, 0.00356 EPSS
Exploits: 0, References: 12

Tenable Nessus
added 2026/01/07 12:0 a.m., 4 views

Cisco Identity Services Engine (cisco-sa-ise-xxe-jWSbSDKt)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain...

4.9 CVSS, 6.2 AI score, 0.05638 EPSS
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/01/06 1:32 p.m., 5 views

Malicious code in x-clients-features (npm)

Source: amazon-inspector 419d018f4db7282c5ea456563704c47d16246b1836a54f60696da59cb05cad04 The package x-clients-features was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0, References: 1

Snyk
added 2026/01/06 1:32 p.m., 4 views

Malicious Package

Overview: x-clients-features is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2

EUVD
added 2026/01/06 1:32 p.m., 3 views

EUVD-2026-1106

Malicious code in x-clients-features npm...

6.6 AI score
Exploits: 0, References: 1

OSV
added 2026/01/06 1:32 p.m., 5 views

MAL-2026-95 Malicious code in x-clients-features (npm)

Source: amazon-inspector 419d018f4db7282c5ea456563704c47d16246b1836a54f60696da59cb05cad04 The package x-clients-features was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 1

SUSE Linux
added 2026/01/05 12:53 p.m., 4 views

Security update for alloy

This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. CVE-2025-47913: golang.org/x/crypto: early client process termination...

8.7 CVSS, 7.6 AI score, 0.00579 EPSS
Exploits: 2, References: 12

Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-6659

Name of the Vulnerable Software and Affected Versions: time versions 0.3.6 through 0.3.46; rust-keylime versions prior to 0.2.8+116; python-uv-build versions prior to 0.10.2; SCCache versions prior to 0.13.0. Description: The time crate provides date and time handling in Rust. Versions 0.3.6 through...

6.8 CVSS, 5.2 AI score, 0.00693 EPSS
Exploits: 5, References: 134

EUVD
added 2025/12/30 12:30 p.m., 2 views

EUVD-2025-205728

Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through = 2.17.12...

4.3 CVSS, 6.5 AI score, 0.002 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/12/27 2:46 p.m., 10 views

CVE-2025-36228

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API that allowed users to access features that appeared disabled, potentially leading to misuse...

3.8 CVSS, 6.7 AI score, 0.00203 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/26 3:15 p.m., 2 views

CVE-2025-36228

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API that allowed users to access features that appeared disabled, potentially leading to misuse...

3.8 CVSS, 0.00203 EPSS
Exploits: 0, References: 1

CVE
added 2025/12/26 2:11 p.m., 9 views

CVE-2025-36228

CVE-2025-36228 affects IBM Aspera Faspex 5 (versions 5.0.0–5.0.14.1). The issue is inconsistent permissions between the UI and backend API, allowing users to access features that appeared disabled and potentially leading to misuse. Red Hat, CIRCL, NVD, and other feeds corroborate the same descrip...

3.8 CVSS, 6.3 AI score, 0.00203 EPSS
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/12/26 2:11 p.m., 2 views

EUVD-2025-205441

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API that allowed users to access features that appeared disabled, potentially leading to misuse...

3.8 CVSS, 6.2 AI score, 0.00203 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/12/26 2:11 p.m., 3 views

CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API that allowed users to access features that appeared disabled, potentially leading to misuse...

3.8 CVSS, 6.3 AI score, 0.00203 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2025/12/26 12:0 a.m., 1 view

American Fuzzy Lop plus plus 4.35c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

6.9 AI score
Exploits: 0

CNNVD
added 2025/12/26 12:0 a.m., 2 views

IBM Aspera Faspex security vulnerability

IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which stems from inconsistent permissions between the user interface and...

3.8 CVSS, 6.4 AI score, 0.00203 EPSS
Exploits: 0, References: 2