25 matches found
CVE-2026-4400 Multiple vulnerabilities in 1millionbot Millie chatbot
Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users to be viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004854)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004854 advisory. In the Linux kernel, the following vulnerability has been resolved: PNP: fix name memory leak in pnp_alloc_dev(). After commit 1fa5ae857bb1 driver core: get rid of struct...
EUVD-2020-19891
Malware in sbrugna...
EUVD-2024-48027
Malicious code in bioql PyPI...
CVE-2025-31511
An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than one of the...
CVE-2024-44117
The RFC-enabled function module allows a low-privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...
CVE-2024-12541
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the addchativewidgetaction function. This makes it possible for unauthenticated attackers to change...
CVE-2024-7322
A ZigBee coordinator, router, or end device may change its node ID when an unsolicited encrypted rejoin response is received; this change in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established...
CVE-2024-7322 DoS in ZigBee device due to unsolicited encrypted rejoin response
A ZigBee coordinator, router, or end device may change its node ID when an unsolicited encrypted rejoin response is received; this change in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established...
CVE-2024-7322
Silicon Labs EmberZNet Zigbee stack is affected: a Zigbee coordinator, router, or end device may change its node ID when it receives an unsolicited encrypted rejoin response, causing a Denial of Service (DoS). The DoS impact is network-wide and requires re-establishment of the network. Affected s...
PT-2025-3692 · Zigbee · Zigbee
Name of the Vulnerable Software and Affected Versions: ZigBee (affected versions not specified). Description: A ZigBee coordinator, router, or end device may change its node ID when it receives an unsolicited encrypted rejoin response. This change in node ID causes a Denial of Service (DoS). To recove...
CLSA-2024-1718950656 Fix of 22 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-26764 - aio: remove an outdated BUG_ON and comment in aio_complete - aio: remove the extra get_file/fput pair in io_submit_one - aio: refactor read/write iocb setup - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio CVE-url:...
CVE-2024-27410
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change. It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data i...
CVE-2024-27410 wifi: nl80211: reject iftype change with mesh ID change
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change. It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data i...
PT-2024-25996 · Sunhillo · Sunhillo Sureline
Name of the Vulnerable Software and Affected Versions: Sunhillo SureLine versions through 8.10.0. Description: The issue allows for cgi/usrPasswd.cgi userid change XSS within the Forgot Password feature. This can be exploited through the /cgi/usrPasswd.cgi endpoint, specifically targeting the user...
CVE-2024-0590
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project id and add...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2023-3146)
The remote host is missing an update for the Huawei EulerOS...
GHSA-GMJ8-84R4-H46J rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
rdiffweb prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user's email ID. Version 2.4.7 has a fix for this issue...