118 matches found

CVE
added 2026/05/12 7:50 p.m. | 19 views

CVE-2026-34686

Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored cross-site scripting (XSS) vulnerability. A low-privilege attacker can abuse vulnerable form fields to inject malicious scripts, which may execute in a victim’s ...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00402
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/04/14 4:16 p.m. | 2 views

CVE-2026-2402

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints...

CVSS: 6.9 | EPSS: 0.00274
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/20 4:21 p.m. | 1 view

CVE-2026-22898 QVR Pro

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00683
Exploits: 0 | References: 1
CNNVD
added 2026/03/10 12:00 a.m. | 7 views

Microsoft Azure Arc Authorization Issue Vulnerability

Microsoft Azure Arc is a storage system provided by the American company Microsoft. It allows for the extension of the Azure platform into your environment. There are authorization-related vulnerabilities in Microsoft Azure Arc. Attackers can exploit these vulnerabilities to gain higher levels of...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 1
Nuclei
added 2026/02/04 7:00 a.m. | 88 views

VICIdial Sensitive Information Disclosure

VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IPs, User-Agents,...

AI score: 6.6
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/24 3:17 a.m. | 6 views

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00101
Exploits: 0 | References: 1
NVD
added 2026/01/16 12:16 a.m. | 3 views

CVE-2021-47787

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration...

CVSS: 8.5 | EPSS: 0.00228
Exploits: 1 | References: 3
CNNVD
added 2025/10/09 12:00 a.m. | 3 views

Newforma Project Center Server Security Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information IELTS vulnerability exists in Newforma Project...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00073
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-6816

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.02537
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-5273

Malware in sbrugna...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.01331
Exploits: 0 | References: 6
CNNVD
added 2025/01/13 12:00 a.m. | 2 views

SAP NetWeaver Application Server and SAP ABAP Platform Authorization Issue Vulnerability

SAP NetWeaver Application Server and SAP ABAP Platform are both products of SAP, Germany. SAP NetWeaver Application Server is an application server. SAP ABAP Platform is an ABAP-based SAP solution. An authorization issue vulnerability exists in SAP NetWeaver...

CVSS: 9.9 | AI score: 9.1 | EPSS: 0.00675
Exploits: 0 | References: 1
Vulnrichment
added 2024/07/26 11:59 a.m. | 17 views

CVE-2024-41689 Hard-coded Credentials Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext WP...

CVSS: 5.2 | AI score: 6.9 | EPSS: 0.00153
Exploits: 0 | References: 1
CVE
added 2024/05/22 6:56 p.m. | 98 views

CVE-2024-25738

Vulnerability summary: Open Library Foundation VuFind versions 2.0–9.1 before 9.1.1 have a Server-Side Request Forgery (SSRF) in the /Upgrade/FixConfig route. The issue lets a remote attacker overwrite local configuration files and could lead to Remote Code Execution, enabled when allow_url_incl...

CVSS: 9.1 | AI score: 7.4 | EPSS: 0.00681
Exploits: 0 | References: 1
Cvelist
added 2024/04/30 2:40 p.m. | 14 views

CVE-2023-38002 IBM Storage Scale session fixation

IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208...

CVSS: 5 | AI score: 5.3 | EPSS: 0.0037
Exploits: 0 | References: 2
NVD
added 2024/03/29 4:15 p.m. | 24 views

CVE-2024-30246

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which...

CVSS: 7.6 | AI score: 7.6 | EPSS: 0.00621
Exploits: 0 | References: 4
OSV
added 2024/03/29 3:50 p.m. | 30 views

CVE-2024-30246 Tuleap deleting or moving an artifact can delete values from unrelated artifacts

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which...

CVSS: 7.6 | AI score: 6.6 | EPSS: 0.00621
Exploits: 0 | References: 6
Redos
added 2024/03/13 12:00 a.m. | 20 views

ROS-2-1316

2.1316 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.02046
Exploits: 0
NVD
added 2024/02/03 1:15 a.m. | 15 views

CVE-2023-31004

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765...

CVSS: 9 | AI score: 8.7 | EPSS: 0.00988
Exploits: 1 | References: 3
NVD
added 2024/01/09 2:15 a.m. | 14 views

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.00774
Exploits: 0 | References: 3
Cvelist
added 2024/01/09 12:00 a.m. | 23 views

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...

AI score: 9.7 | EPSS: 0.00774
Exploits: 0 | References: 3