CVE-2026-33486

CVE-2026-33486 affects Roadiz and specifically the roadiz/documents component. The vulnerability is an SSRF/LFI flaw in theDownloadedFile::fromUrl() flow that occurs when importing external media; an attacker-controlled URL can be used with file:// to read local server files (including environmen...

CVE-2026-33486

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...

CVE-2023-37525 HCL BigFix Compliance is vulnerable to a sensitive information disclosure

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...

Newgen OmniDocs security vulnerabilities

Newgen OmniDocs is an enterprise content management suite provided by Newgen Corporation. There is a security vulnerability in Newgen OmniDocs, which stems from the lack of authentication and access control on the /omnidocs/GetListofCabinet API endpoint. This vulnerability could allow remote...

PT-2026-4467

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs affected versions not specified Description An unauthenticated information disclosure issue exists in Newgen OmniDocs. The /omnidocs/GetListofCabinet API endpoint lacks proper authentication and access control, allowing an...

ownCloud < 10.15.1 Information Disclosure Vulnerability

ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...

Lexmark Printers Path Traversal (CVE-2021-44737)

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

EUVD-2017-5695

Malware in sbrugna...

EUVD-2021-19307

Malware in sbrugna...

EUVD-2016-5049

Malware in sbrugna...

EUVD-2019-17846

Malware in sbrugna...

EUVD-2016-9837

Malware in sbrugna...

EUVD-2021-2003

Malware in sbrugna...

EUVD-2024-36946

Malicious code in bioql PyPI...

EUVD-2021-31552

Malicious code in bioql PyPI...

EUVD-2022-34193

Malicious code in bioql PyPI...

EUVD-2025-30814

Malicious code in bioql PyPI...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

CVE-2025-57430

The CVE-2025-57430 affects Creacast Creabox Manager 4.4.4, where a publicly accessible /get endpoint leaks internal configuration data, including the creacodec.lua file that contains plaintext admin credentials. This exposes sensitive configuration details and credential data via network access. ...