PT-2026-1666

Name of the Vulnerable Software and Affected Versions FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 Description The software contains an information disclosure issue that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit...

CVE-2019-25284 V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Reflected Cross-Site Scripting Vulnerability

V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's...

CVE-2019-16070

A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...

CVE-2024-2163

The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This makes it...

CVE-2025-1126

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000176 advisory. An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain...

PT-2026-1644

Veeam Backup & Replication and Affected Versions Veeam Backup & Replication versions 13.0.1.180 and earlier Description A critical remote code execution RCE vulnerability exists in Veeam Backup & Replication software. This flaw, tracked as CVE-2025-59470, has a CVSS score of 9.0 and allows a user...

CVE-2025-64424 Colify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...

EUVD-2025-206244

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

Coolify 操作系统命令注入漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.420.7, which stems from improperly cleaned Git Repository field inputs that could lead to comma...

Craft CMS 安全漏洞

Craft CMS is an open source content management system CMS from Craft CMS. A security vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, which stems from improper handling of Twig template inputs and could lead to authenticated remote code execution...

PT-2026-1335

Name of the Vulnerable Software and Affected Versions Coolify versions up to and including v4.0.0-beta.434 Description Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection exists in the git source input fields of a resource, potentially allowing a...

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

...

MCP-SandboxScan: WASM-Based Secure Execution and Runtime Analysis for MCP Tools

Tool-augmented LLM agents raise new security risks: tool executions can introduce runtime-only behaviors, including prompt injection and unintended exposure of external inputs e.g., environment secrets or local files. While existing scanners often focus on static artifacts, analyzing runtime...

Allocation of Resources Without Limits or Throttling

Overview sqlatypemodel is a Typed JSON fields for SQLAlchemy with automatic mutation tracking Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to uncontrolled recursion when processing deeply nested JSON-like structures. An attacker can...

CVE-2025-15211 code-projects Refugee Food Management System refugee.php sql injection

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

PT-2025-54216

Name of the Vulnerable Software and Affected Versions Serverless Framework versions 4.29.0 through 4.29.2 Description The Serverless Framework includes a command injection issue within the built-in MCP server package @serverless/mcp. This affects users utilizing the experimental MCP server featur...

GHSA-84R2-JW7C-4R5Q Picklescan has Incomplete List of Disallowed Inputs

Summary Currently picklescanner only blocks some specific functions of the pydoc and operator modules. Attackers can use other functions within these allowed modules to go through undetected and achieve RCE on the final user. Particularly pydoc.locate: Can dynamically resolve and import arbitrary...

EUVD-2025-205590

Picklescan has Incomplete List of Disallowed Inputs...

RockyLinux 8 : mingw-zlib (RLSA-2022:7813)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7813 advisory. zlib: A flaw found in zlib when compressing not decompressing certain inputs CVE-2018-25032 Tenable has extracted the preceding description block directly from th...