Lucene search

10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-54079

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.00121 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/03/16 4:28 p.m. · 16 views

CVE-2024-55594

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via HTTP/S crafted requests...

9.8 CVSS · 7.7 AI score · 0.00121 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/03/11 12:0 a.m. · 1 views

PT-2025-10767 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 7.0.10; Fortinet FortiWeb versions 7.2.0 through 7.2.10; Fortinet FortiWeb versions 7.4.0 through 7.4.6. Description: The issue is related to the improper handling of syntactically invalid structures,...

9.8 CVSS · 7 AI score · 0.00117 EPSS
Exploits 0 · References 9
Github Security Blog
added 2024/11/25 9:30 a.m. · 15 views

OpenShift Console Server Side Request Forgery vulnerability

A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3 CVSS · 6.5 AI score · 0.00174 EPSS
Exploits 0 · References 9 · Affected Software 1
Prion
added 2023/12/12 12:15 p.m. · 18 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PC-Station Plus All versions, SIMATIC S7-400 CPU 412-2 PN V7 All versions, SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416F-3 PN/D...

5 CVSS · 7 AI score · 0.00218 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2021/05/27 6:44 p.m. · 44 views

GHSA-V24H-PJJV-MCP6 Denial of service in Tendermint

Description: Denial of Service 1. Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...

3.1 CVSS · 3.9 AI score · 0.00316 EPSS
Exploits 0 · References 8
Prion
added 2021/02/16 6:15 p.m. · 12 views

Design/Logic Flaw

uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to...

5 CVSS · 5.2 AI score · 0.01481 EPSS
Exploits 0 · References 3 · Affected Software 1
Exploit DB
added 2020/01/06 12:0 a.m. · 298 views

Complaint Management System 4.0 - 'cid' SQL injection

Exploit Title: Complaint Management System 4.0 - 'cid' SQL injection; Google Dork: N/A; Date: 2020-01-03; Exploit Author: FULLSHADE; Vendor Homepage: https://phpgurukul.com; Software Link: https://phpgurukul.com/complaint-management-sytem/; Version: v4.0; Tested on: Windows 7; CVE: N/A; Description: The...

7.4 AI score
Exploits 0
Tenable Nessus
added 2016/05/11 12:0 a.m. · 38 views

Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)

Security Fixes : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the...

10 CVSS · 6.6 AI score · 0.93622 EPSS
Exploits 13 · References 6
Check Point Advisories
added 2015/01/12 12:0 a.m. · 6 views

ManageEngine Desktop Central Dcpluginservelet Policy Bypass (CVE-2014-7862)

A policy bypass vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the Dcpluginservelet page when processing HTTPS requests...

7.5 CVSS · 2.2 AI score · 0.81398 EPSS
Exploits 8