CVE-2026-4621

Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network...

CVE-2025-48418

The CVE-2025-48418 entry describes a hidden functionality privilege-escalation vulnerability affecting Fortinet FortiAnalyzer and FortiManager (including cloud variants) across multiple versions (FortiAnalyzer: 6.4 all, 7.0.x–7.6.3; FortiAnalyzer Cloud: 6.4 all, 7.0.1–7.6.3; FortiManager: 6.4 all...

CVE-2025-63067

Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-62057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-62054

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through = 4.1.8...

CVE-2025-11673

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

EUVD-2023-26479

Malicious code in bioql PyPI...

EUVD-2024-53101

Malicious code in bioql PyPI...

EUVD-2024-50035

Malicious code in bioql PyPI...

EUVD-2025-18253

Malicious code in bioql PyPI...

EUVD-2022-46485

Malicious code in bioql PyPI...

CVE-2022-43464

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

CVE-2019-19362

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...

CVE-2025-30821 WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through = 0.4.14...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

CVE-2024-26859

In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in pagepool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...

CVE-2023-35995

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability...

Denial of service

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions,...

CVE-2023-35991

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions,...

CVE-2023-2084

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...