9 matches found

GithubExploit
added 2026/03/31 12:10 p.m. | 156 views

Exploit for Missing Authentication for Critical Function in Projectsend

ProjectSend CVE-2024-11680 Exploit This is a proof-of-concept...

CVSS 9.8 | AI score 7.9 | EPSS 0.91559
Exploits: 4

CVE
added 2025/09/29 8:38 p.m. | 17 views

CVE-2025-34207

Vasion Print (Virtual Appliance Host and Application) before versions 22.0.1049 and 20.0.2786 respectively use insecure SSH client settings in Docker: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. This disables host key verification and forwards the SSH agent, enab...

CVSS 9.8 | AI score 6.5 | EPSS 0.00607
Exploits: 0 | References: 4 | Affected Software: 2

OpenVAS
added 2025/09/08 12:00 a.m. | 1 view

SUSE: Security Advisory (SUSE-SU-2025:03087-1)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00394
Exploits: 0 | References: 4

SUSE Linux
added 2025/09/05 10:36 a.m. | 2 views

Security update for perl-Authen-SASL, perl-Crypt-URandom

This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: CVE-2025-40918: insecurely generated client nonce (bsc#1246623). Changes in perl-Crypt-URandom: Shipped in version 0.540.0 (0.54). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.2 | AI score 7.1 | EPSS 0.00394
Exploits: 0 | References: 4

BDU FSTEC
added 2025/04/01 12:00 a.m. | 2 views

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary commands.

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system is related to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 4.3 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/07/01 1:36 p.m. | 88 views

CVE-2021-27660

CVE-2021-27660 affects Johnson Controls C-CURE 9000. The vulnerability arises from an insecure client auto-update feature (improper input validation, CWE-20) that can enable remote execution of lower-privileged Windows programs. Impact is high (C:H/I:H/A:H) with network vector and low attack compl...

CVSS 8.8 | AI score 8.8 | EPSS 0.02096
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/07/01 1:36 p.m. | 16 views

CVE-2021-27660 C-CURE 9000

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs...

CVSS 8.8 | AI score 8.9 | EPSS 0.02096
Exploits: 0 | References: 2

Tenable Nessus
added 2017/03/31 12:00 a.m. | 8 views

Insecure Client-Access Policy

The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL...

AI score 7
Exploits: 0 | References: 3

Cvelist
added 2011/06/02 7:00 p.m. | 32 views

CVE-2011-2040

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute...

AI score 7.5 | EPSS 0.10684
Exploits: 2 | References: 5