19 matches found
CVE-2026-40584
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries...
CVE-2026-40149 PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured (the default). By adding dangerous tool names (e.g., shellexec, filewrite) to the allowlist, a...
EUVD-2016-2939
Malware in sbrugna...
EUVD-2023-43119
Malicious code in bioql PyPI...
EUVD-2023-40778
Malicious code in bioql PyPI...
CVE-2021-1410
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update...
CVE-2012-0435
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...
DEBIAN-CVE-2023-52524
In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list. The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered...
CVE-2023-52524 net: nfc: llcp: Add lock when modifying device list
In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list. The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered...
CVE-2023-39394
Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified...
CVE-2023-39394
Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified...
PT-2023-26922 · Unknown · Wifienhance
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the ar...
CVE-2023-36858
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Design/Logic Flaw
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
SUSE CVE-2012-0435
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...
The vulnerability in the implementation of the interaction protocol between the “ARM Reliezer” software and the “Communication Server” software of the EKRASMS-SP software suite allows a violator to modify the list of servers.
The vulnerability of the interaction protocol between the “ARM Rielshchika” software and the “Server Connect” software of the EKRASMS-SP suite lies in the absence of authentication in the mechanism for extending the list of servers. Exploiting this vulnerability allows a malicious actor to modify...
CVE-2016-3004
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications...
Unspecified Vulnerability in Cisco WebEx Meetings Server
Cisco WebEx Meetings are web conferencing solutions. The outlookpa component in Cisco WebEx Meetings Server fails to properly validate API inputs, allowing a remote attacker to modify the invitation list for a meeting with a carefully constructed URL...
Design/Logic Flaw
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...