16 matches found

Vulnrichment
added 2026/05/13 5:30 p.m., 5 views

CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

5.3 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits 1, References 1
NVD
added 2026/04/28 8:16 a.m., 4 views

CVE-2024-54013

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw; please refer to the...

8.7 CVSS, 0.00021 EPSS
Exploits 0, References 1
CNVD
added 2026/04/20 12:0 a.m., 1 view

Unspecified Vulnerability in PraisonAI (CNVD-2026-18147)

PraisonAI is a low-code multi-agent collaboration framework by the individual developer Mervin Praison. PraisonAI has a security vulnerability that stems from the OAuthManager.validatetoken function returning True for any token not found in its internal storage, which can be...

9.1 CVSS, 5.5 AI score, 0.00021 EPSS
Exploits 1
CNNVD
added 2026/03/24 12:0 a.m., 3 views

Pharos Controls Mosaic Show Controller Access Control Error Vulnerability

Pharos Controls Mosaic Show Controller is an embedded control device developed by the British company Pharos, used for lighting control and multimedia scene orchestration. Version 2.15.3 of Pharos Controls Mosaic Show Controller contains a security vulnerability due to the lack of authentication...

9.3 CVSS, 6.1 AI score, 0.00247 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/01/08 5:10 p.m., 2 views

CVE-2026-22230 OPEXUS eCASE Audit incorrect access control

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

7.6 CVSS, 6.4 AI score, 0.00016 EPSS
Exploits 0, References 3
CNNVD
added 2025/12/19 12:0 a.m., 4 views

Linksys E9450-SG Security Vulnerability

The Linksys E9450-SG is a WiFi router from Linksys USA. A security vulnerability exists in the Linksys E9450-SG that originates from a local network attacker being able to send a specially crafted URL to access certain administrative functions without requiring login credentials...

8.8 CVSS, 6.3 AI score, 0.00044 EPSS
Exploits 3, References 1
CNNVD
added 2025/10/20 12:0 a.m., 3 views

ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP Access Control Error Vulnerability

The ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP are both intelligent load management controllers from ABB Switzerland. An access control error vulnerability exists in the ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP that stems from a lack of authentication for critical functions...

10 CVSS, 7 AI score, 0.00061 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-24942

Malicious code in bioql PyPI...

5.5 CVSS, 5.9 AI score, 0.00128 EPSS
Exploits 0, References 1
CVE
added 2025/08/20 8:3 a.m., 17 views

CVE-2025-49406

CVE-2025-49406 concerns the WordPress Houzez theme (

8.5 CVSS, 5.1 AI score, 0.00087 EPSS
Exploits 0, References 1
Positive Technologies
added 2024/11/01 12:0 a.m., 4 views

PT-2024-28588

Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Vouchers versions 4.9.4 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables attackers to bypass capability...

9.8 CVSS, 5.9 AI score, 0.00297 EPSS
Exploits 0, References 5
BDU FSTEC
added 2024/09/17 12:0 a.m., 1 view

The vulnerability of the Ivanti EPM endpoint management software, related to defects in the deserialization mechanism, allows a hacker to access limited functions of the software.

The vulnerability of the Ivanti EPM endpoint management software relates to the bypassing of authentication processes. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to limited functions of the software...

9 CVSS, 7.8 AI score, 0.01555 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2023/12/06 9:15 a.m., 1 view

CVE-2023-6514

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. Successful exploitation of this vulnerability may allow attackers to access restricted...

8.8 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 1
ATTACKERKB
added 2022/09/09 3:15 p.m., 0 views

CVE-2022-36861

Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...

5.9 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 2
BDU FSTEC
added 2020/03/25 12:0 a.m., 1 view

The vulnerability of the Windows Error Reporting service on Windows operating systems allows a perpetrator to gain access to confidential information and system functions.

The vulnerability of the Windows Error Reporting service in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to access confidential information and system functions through a specially created application...

7.8 CVSS, 0.00399 EPSS
Exploits 0, References 3
BDU FSTEC
added 2020/03/10 12:0 a.m., 2 views

Vulnerability in the implementation of the Secure Boot protocol for Windows operating systems that allows a perpetrator to disclose protected information

The vulnerability of the Secure Boot protocol for Windows operating systems is related to errors in accessing debug functions during the loading process. Exploiting this vulnerability can allow attackers to disclose sensitive information, using a specially created application...

6.8 CVSS, 0.00132 EPSS
Exploits 0, References 3
securityvulns
added 2006/12/20 12:0 a.m., 33 views

Sun Java Runtime Environment multiple security vulnerabilities

Multiple vulnerabilities allow sandbox protection bypass and system functions access...

4 AI score
Exploits 0, References 2, Affected Software 2