CVE-2026-3787

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack...

CVE-2025-1207

A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The complexity of an attack is rather...

CVE-2025-15244

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be...

EUVD-2025-36189

A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files x86\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed f...

CVE-2025-11642

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The...

CVE-2025-11280 Frappe LMS Assignment Picture files direct request

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...

EUVD-2025-20012

Malicious code in bioql PyPI...

EUVD-2024-33569

Malicious code in bioql PyPI...

CVE-2025-10761 Harness Login Endpoint login excessive authentication

A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack is considered ...

CVE-2025-9401

A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a hig...

CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...

CVE-2025-8534 libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

PT-2025-28837 · Fnkvision · Fnk-Gu2

Name of the Vulnerable Software and Affected Versions: FNKvision FNK-GU2 versions up to 40.1.7 Description: A critical vulnerability has been found in the UART Interface component of FNKvision FNK-GU2, allowing for improper access control to the on-chip debug and test interface. The attack can be...

CVE-2025-4819

CVE-2025-4819 affects y_project Ruoyi 4.8.0, targeting the /monitor/online/batchForceLogout path in the Offline Logout component. The issue arises from manipulation of the ids argument, leading to improper authorization and enabling a remote attack. The exploit is described as high complexity, bu...

CVE-2025-4455

A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library...

CVE-2025-3850

A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is...

CVE-2025-3850

CVE-2025-3850 affects YXJ2018 SpringBoot-Vue-OnlineExam 1.0. The issue is described as improper authentication within the component API processing, enabling remote exploitation with high attack complexity and reported public disclosure. Multiple connected sources reiterate the vulnerability again...

CVE-2025-2920

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather...

CVE-2025-2093

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The...

CVE-2025-2119

The CVE-2025-2119 entry concerns Thinkware Car Dashcam F800 Pro (up to 20250226). A vulnerability in the Device Registration Handler allows use of default credentials, enabling an attack on the physical device. Reported impact is limited to credential misuse with low attack complexity (though use...