
229 matches found

Cvelist
added 2 days ago | 28 views

CVE-2026-42129 Path Traversal in Loki Datasource leads to Internal Information Disclosure

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints (e.g. /config, /services, /ready) to extract sensitive backend configuration and internal...

CVSS 7.7 | EPSS 0.00316
Exploits 0 | References 1
NVD
added 2026/04/14 9:16 p.m. | 4 views

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

CVSS 7.2 | EPSS 0.00208
Exploits 1 | References 2
CNVD
added 2026/03/31 12:0 a.m. | 1 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16131)

IBM InfoSphere Information Server is IBM's data integration platform for integrating, cleansing, transforming and managing enterprise data. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from the system returning overly detailed error messages. An...

CVSS 4.3 | AI score 5.9 | EPSS 0.00284
Exploits 0
OSV
added 2026/02/23 5:23 p.m. | 2 views

CVE-2026-22568

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...

CVSS 2.7 | AI score 5.8 | EPSS 0.00161
Exploits 0 | References 1
CVE
added 2025/12/12 2:58 p.m. | 7 views

CVE-2025-36755

The CVE-2025-36755 entry describes the CleverDisplay BlueOne hardware player. When its USB interfaces are physically enclosed, the device is normally inaccessible; after circumventing the enclosure, a USB keyboard can be connected and ESC pressed during boot to access the BIOS setup interface. BI...

CVSS 2.4 | AI score 5.8 | EPSS 0.00142
Exploits 0 | References 2
Cvelist
added 2025/12/12 2:58 p.m. | 23 views

CVE-2025-36755 CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...

CVSS 2.4 | EPSS 0.00142
Exploits 0 | References 2
RedhatCVE
added 2025/11/19 4:17 p.m. | 2 views

CVE-2025-9977

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

CVSS 5.3 | AI score 7.9 | EPSS 0.02094
Exploits 0 | References 1
CNNVD
added 2025/11/18 12:0 a.m. | 2 views

WordPress plugin Icon List Block code issue vulnerability

WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor Gutenberg. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...

CVSS 6.4 | AI score 6.4 | EPSS 0.00162
Exploits 0 | References 3
RedhatCVE
added 2025/10/28 12:27 a.m. | 9 views

CVE-2025-27225

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

CVSS 7.5 | AI score 6.6 | EPSS 0.16526
Exploits 1 | References 1
RedhatCVE
added 2025/10/28 12:27 a.m. | 6 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

CVSS 7.5 | AI score 7 | EPSS 0.01983
Exploits 1 | References 1
Cvelist
added 2025/10/27 12:0 a.m. | 6 views

CVE-2025-27225

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

EPSS 0.16526
Exploits 1 | References 3
CNNVD
added 2025/10/27 12:0 a.m. | 3 views

Rocket TRUfusion Enterprise security vulnerability

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket USA. A security vulnerability exists in Rocket TRUfusion Enterprise version 7.10.4.0 and earlier, which stems from the use of a static key to create an encrypted cookie, which could lead to a forged cookie and acce...

CVSS 7.5 | AI score 6.3 | EPSS 0.01983
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-0478

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.05934
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-27012

Malware in sbrugna...

CVSS 5.5 | AI score 6.8 | EPSS 0.00237
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-16891

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02715
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-13548

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01376
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-16712

Malware in sbrugna...

CVSS 9.1 | AI score 9 | EPSS 0.04046
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-14486

Malware in sbrugna...

CVSS 7.5 | AI score 8.4 | EPSS 0.01537
Exploits 0 | References 9
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-16350

Malware in sbrugna...

CVSS 5.3 | AI score 6.1 | EPSS 0.01637
Exploits 1 | References 3
NVD
added 2025/10/06 7:15 a.m. | 3 views

CVE-2025-58589

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...

CVSS 6.5 | EPSS 0.00329
Exploits 0 | References 6