
19 matches found

Circl
added 2 days ago, 5 views

CVE-2026-50571

creationtimestamp | type | source
---|---|---
2026-06-08 12:27:23+00:00 | seen | https://www.cert.at/de/warnungen/2026/6/angriffe-gegen-checkpoint-vpn-losungen-hotfix-verfugbar...

5.3 AI score
Exploits: 0, References: 1

Vulnrichment
added 2026/04/21 7:24 p.m., 2 views

CVE-2026-40887 @vendure/core has a SQL Injection vulnerability

Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...

9.1 CVSS, 6.1 AI score, 0.07704 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/04/21 7:24 p.m., 28 views

CVE-2026-40887 @vendure/core has a SQL Injection vulnerability

Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...

9.1 CVSS, 0.07704 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/06 1:15 a.m., 6 views

CVE-2026-3610

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...

5.3 CVSS, 0.00042 EPSS
Exploits: 0, References: 4

CVE
added 2026/03/06 12:32 a.m., 9 views

CVE-2026-3610

CVE-2026-3610 affects HSC Cybersecurity Mailinspector (up to 5.3.2-3). The issue is in the URL Handler’s file /mailinspector/mliUserValidation.php, where manipulating the argument error_description leads to a cross-site scripting vulnerability. The attack can be performed remotely; exploit public...

5.3 CVSS, 4.3 AI score, 0.00042 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/01/09 11:27 a.m., 4 views

CVE-2021-33895

ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USERAUTHENTICATE used for verifying the Password returns 0 no error. The reason is that the user is not running...

8.1 CVSS, 7.1 AI score, 0.00386 EPSS
Exploits: 0, References: 1

The Hacker News
added 2025/12/18 2:39 p.m., 4 views

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT...

10 CVSS, 8.4 AI score, 0.79595 EPSS
Exploits: 8

RedhatCVE
added 2025/02/05 8:07 a.m., 5 views

CVE-2024-29190

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5 CVSS, 7.3 AI score, 0.00591 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2024/03/22 10:12 p.m., 24 views

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5 CVSS, 6.7 AI score, 0.00591 EPSS
Exploits: 1, References: 3

ICS
added 2023/10/17 6:00 a.m., 67 views

Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports Vulnerability:...

9.8 CVSS, 10 AI score, 0.00351 EPSS
Exploits: 0, References: 8

Ivanti
added 2023/10/04 4:22 p.m., 9 views

SA-2023-08-08-CVE-2023-35084

SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35084 Full details. Please log into the...

9.8 CVSS, 6.4 AI score, 0.05268 EPSS
Exploits: 0

Ivanti
added 2023/06/19 4:21 p.m., 6 views

SA-2023-06-20-CVE-2023-28323

SECURITY ADVISORY 06-20-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-28323 Full details. Please log into the...

9.8 CVSS, 8 AI score, 0.07531 EPSS
Exploits: 0

F5 Networks
added 2023/02/21 6:48 p.m., 40 views

K12985: BIND vulnerability CVE-2011-1910

Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...

5 CVSS, 6.9 AI score, 0.11874 EPSS
Exploits: 1

NCSC
added 2022/11/18 12:00 a.m., 3 views

Vulnerability fixed in F-Secure Policy Manager

A vulnerability has been fixed in F-Secure Policy Manager from WithSecure. The vulnerability allows an authenticated malicious person to write files to the server on which the application is running. This can have several possible types of impact, such as denial of service or executi...

9.8 CVSS, 7 AI score, 0.01667 EPSS
Exploits: 0

CNNVD
added 2021/10/15 12:00 a.m., 1 views

Enalean Tuleap Open Alm SQL injection vulnerability

Enalean Tuleap Open Alm is a free and open source tool from Enalean France. End-to-end traceability for application and system development. A SQL injection vulnerability exists in Community Edition version 11.16.99.173 and Enterprise Edition versions prior to 11.16-6 and 11.15-8 of Enalean Tuleap...

7.2 CVSS, 7.7 AI score, 0.01085 EPSS
Exploits: 1, References: 6

Microsoft KB
added 2020/04/09 12:00 a.m., 6 views

Loss of consistency with IDE-attached virtual hard disks when a Hyper-V host server experiences an unplanned restart

Loss of consistency with IDE-attached virtual hard disks when a Hyper-V host server experiences an unplanned restart Symptoms If a Windows Server 2012 or Windows Server 2008 R2-based Hyper-V host experiences an unplanned restart, and if volumes on virtual hard disks connected to a virtual IDE...

6.2 AI score
Exploits: 0

Microsoft KB
added 2017/01/07 12:00 a.m., 4 views

"STOP: 0x0000007E" error occurs when you write some data onto a CD or DVD in Windows Server 2008 R2 or in Windows 7

"STOP: 0x0000007E" error occurs when you write some data onto a CD or DVD in Windows Server 2008 R2 or in Windows 7 Not sure if this is the right fix? We've added this issue to our memory dump diagnostic which can confirm. Symptoms When you try to write some data onto a CD or DVD on a computer th...

6.5 AI score
Exploits: 0

securityvulns
added 2000/06/20 12:00 a.m., 28 views

Net Tools PKI server exploits

ISSUE 1 There is a vulnerability in an OEM version of software incorporated within the Net Tools PKI Server product. An attacker can, under rare circumstances, gain unauthorized access to the computer hosting the Enrollment and/or Administrative Web servers of the Net Tools PKI. The vulnerability...

0.3 AI score
Exploits: 0

securityvulns
added 2000/06/15 12:00 a.m., 21 views

SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit

I found a bug in the SmartFTP-D Server which will give an attacker full access to the server, if he has the right to write files on the server. For every user, the program is checking if a special Userfile exists Sample: Username=hacker & Userfile=hacker.FTPUser. If it exists, the configuration,...

Exploits: 0