GHSA-GFMV-VH34-H2X5 Signal K Server: Unauthenticated Source Priorities Manipulation

Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...

(0Day) Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...

CVE-2025-10458

Parameters are not validated or sanitized, and are later used in various internal operations...

Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getCountMuStatDevicePropResultsFromMuListAgentIds function. The issue results from the...

Qibosoft 跨站脚本漏洞

Qibosoft qibosoft is a content management system CMS from Qibosoft, China. qibosoft has a cross-site scripting vulnerability that originates in the /admin/index.php?lfj=friendlink & action=add link of the admin component of the product. The vulnerability is caused by the...

CVE-2018-6633

In Micropoint proactive defense software 2.0.20266.0146, the driver file mp110005.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038...