139 matches found
PT-2026-7236
Name of the Vulnerable Software and Affected Versions Agentflow versions affected versions not specified Description Agentflow, developed by Flowring, exhibits an authentication bypass condition. Unauthenticated remote attackers can exploit a specific functionality to obtain arbitrary user...
Oracle Virtualization security vulnerabilities
Oracle Virtualization is a virtualization solution developed by Oracle, a company in the United States. This product is used for unified management of the entire hardware and software system, from applications to disks, enabling virtualization from desktops to data centers. VM VirtualBox is one o...
CVE-2025-68718
KAYSUS KS-WR1200 routers, firmware 107, expose SSH and TELNET on the LAN interface with hardcoded credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password, and changing the management GUI password has no effect on SSH/TELNET authentication. Any...
CVE-2025-64423 Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...
CVE-2025-66296
CVE-2025-66296 affects Grav (file-based CMS). Before 1.8.0-beta.27, the Admin plugin has a flaw: no username uniqueness validation when creating users. An account with create-user permissions can register a new user using an existing admin username, set a new password/email, and then log in as th...
CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing Access Tokens stay valid instead of being revoked. If a user finds that their account has been compromised, they can update the...
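The fix this entry calls for is to tie issued tokens to the credential they were minted under. The following is an added illustration, not Memos' own code: each token records the user's password generation at issue time, and a password change bumps the generation so every older token fails validation. The `User` record, token format and PBKDF2 parameters are assumptions chosen for the example.

```python
"""Added example (not Memos project code): bind API access tokens to a
per-user password generation so that a password change revokes them all."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    password_hash: bytes
    salt: bytes
    # Bumped on every password change. Tokens remember the generation they
    # were issued under and stop validating once it moves on.
    password_generation: int = 0
    # token_id -> (sha256 of the token secret, generation at issue time)
    tokens: dict = field(default_factory=dict)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_user(name: str, password: str) -> User:
    salt = secrets.token_bytes(16)
    return User(name, _hash_password(password, salt), salt)


def issue_token(user: User) -> str:
    """Returns '<id>.<secret>'; only a hash of the secret is stored."""
    token_id = secrets.token_hex(8)
    secret = secrets.token_urlsafe(32)
    user.tokens[token_id] = (
        hashlib.sha256(secret.encode()).digest(),
        user.password_generation,
    )
    return f"{token_id}.{secret}"


def authenticate_token(user: User, token: str, bind_to_password: bool = True) -> bool:
    """bind_to_password=False reproduces the advisory's behaviour: the token
    stays valid across password changes. True is the fixed behaviour."""
    try:
        token_id, secret = token.split(".", 1)
    except ValueError:
        return False
    record = user.tokens.get(token_id)
    if record is None:
        return False
    secret_hash, generation = record
    if not hmac.compare_digest(secret_hash, hashlib.sha256(secret.encode()).digest()):
        return False
    if bind_to_password and generation != user.password_generation:
        return False  # issued before the last password change
    return True


def change_password(user: User, old: str, new: str) -> bool:
    if not hmac.compare_digest(user.password_hash, _hash_password(old, user.salt)):
        return False
    user.salt = secrets.token_bytes(16)
    user.password_hash = _hash_password(new, user.salt)
    user.password_generation += 1  # invalidates every token issued so far
    # Stale token records can be garbage-collected later; the generation
    # check above already rejects them.
    return True
```

The generation counter is cheaper than walking and deleting every token synchronously, and it also covers tokens persisted in other stores or caches, since the comparison happens at validation time rather than at revocation time.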
CVE-2025-48397
The CVE-2025-48397 issue affects Eaton Brightlayer Software Suite (BLSS). A privileged user could log in without sufficient credentials after enabling an application protocol. This vulnerability is fixed in the latest script patch, BLSS version 7.3.0.SCP004. Remediation is to upgrade to 7.3.0.SCP...
CVE-2025-62604
MeterSphere (open source continuous testing platform) contains a logic flaw prior to version 2.10.25-lts that allows retrieval of arbitrary user information. The underlying issue enables an unauthenticated attacker to log in as any user. A fix has been applied in version 2.10.25-lts. Practical im...
EUVD-2007-5667
Malware in sbrugna...
EUVD-2016-8017
Malware in sbrugna...
EUVD-2023-30268
Malicious code in bioql PyPI...
EUVD-2022-7569
Malicious code in bioql PyPI...
CVE-2025-51092
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...
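The pattern described here, string concatenation of both the credentials and the table name, is shown below beside a parameterised version. This is an added example written in Python against an in-memory SQLite table constructed for the purpose; it is not the project's PHP code, and the table layout and credentials are assumptions. The table name cannot be passed as a bind parameter, so the fixed version checks it against an allow-list.

```python
"""Added example (not the LogIn-SignUp project's code): the concatenated
login query beside a parameterised one, run against constructed data."""
import sqlite3

# Table names cannot be bound as parameters; allow-list them instead.
ALLOWED_TABLES = {"users"}


def setup() -> sqlite3.Connection:
    """Constructed sample database with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, table, username, password):
    """Mirrors the flawed pattern: user input and table name spliced into SQL text."""
    query = (
        f"SELECT username FROM {table} "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, table, username, password):
    """Allow-listed table name, bound parameters for the credentials."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unexpected table name: {table!r}")
    query = f"SELECT username FROM {table} WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None
```

With the vulnerable function, a username of `admin' --` comments out the password clause and logs in without the password; the parameterised query treats the same string as a literal username that matches nothing. Password comparison here is plaintext only to keep the query shape visible; real code compares against a salted hash.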
PT-2025-29719 · Eclipse · Eclipse Glassfish
Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish versions 7.0.16 and earlier Description: Eclipse GlassFish is susceptible to login brute-force attacks due to the absence of restrictions on the number of failed login attempts. Recommendations: Apply a configuration to limi...
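The recommendation above is a limit on failed attempts. The following is an added, generic illustration of such a limiter, not GlassFish's own mechanism: failures are counted per account inside a sliding window, the account is locked for a fixed period once the threshold is reached, and the password is not even checked while the lock is active. The thresholds, the constructed credential store and the injectable clock are assumptions for the example.

```python
"""Added example: per-account failed-login limiter with a sliding window
and temporary lockout. Generic illustration, not GlassFish's mechanism."""
import hmac
import time
from collections import defaultdict

MAX_FAILURES = 5        # failures within WINDOW_SECONDS that trigger a lock
WINDOW_SECONDS = 300
LOCKOUT_SECONDS = 900

# Constructed credential store; a real one holds salted hashes.
_CREDENTIALS = {"admin": "correct horse battery staple"}


class LoginLimiter:
    def __init__(self, clock=time.monotonic):
        self.clock = clock                   # injectable for testing
        self.failures = defaultdict(list)    # account -> recent failure timestamps
        self.locked_until = {}               # account -> monotonic time lock expires

    def is_locked(self, account: str) -> bool:
        until = self.locked_until.get(account)
        return until is not None and self.clock() < until

    def _prune(self, account: str, now: float) -> None:
        self.failures[account] = [
            t for t in self.failures[account] if now - t < WINDOW_SECONDS
        ]

    def attempt(self, account: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'."""
        now = self.clock()
        if self.is_locked(account):
            return "locked"  # refuse without touching the credential check
        self._prune(account, now)
        # Unknown accounts are counted too, so probing them is rate-limited
        # the same way as real ones.
        expected = _CREDENTIALS.get(account, "")
        if account in _CREDENTIALS and hmac.compare_digest(expected, password):
            self.failures.pop(account, None)
            return "ok"
        self.failures[account].append(now)
        if len(self.failures[account]) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.failures.pop(account, None)
            return "locked"
        return "denied"
```

A per-account lock of this kind also lets an attacker lock out legitimate users by design; deployments usually pair it with per-source-IP throttling and alerting on lockouts rather than relying on it alone.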
PT-2025-27790 · Unknown · Epc2 Windows
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue allows the device to automatically log in the EPC2 Windows user during startup without requesting a password. Recommendations: At the moment, there is no information about a newer...
CVE-2024-12226
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions...
CVE-2025-47789
Horilla is an open-source HRMS. In versions up to 1.3, a crafted URL can redirect users to an external domain after login, an open redirect to arbitrary sites usable for phishing. The issue is tied to commit 1c72404df6888bb23af73c767fdaee5e6679ebd6, which fixes the vulnerabilit...
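The usual defence for a post-login redirect is to validate the requested destination before honouring it. The function below is an added example, not Horilla's code or its fix: it accepts only same-host `http(s)` or leading-slash relative targets and falls back to a fixed page otherwise. The parameter name `next`, the default landing page and the request host are assumptions.

```python
"""Added example (not Horilla's code): validate a post-login redirect
target so only same-host destinations are honoured."""
from urllib.parse import urlsplit

DEFAULT_AFTER_LOGIN = "/dashboard/"  # assumed landing page


def safe_redirect_target(next_param, request_host, default=DEFAULT_AFTER_LOGIN):
    """Return next_param if it stays on request_host, otherwise default."""
    if not next_param:
        return default
    candidate = next_param.strip()
    # Browsers treat backslashes as slashes, so '/\evil.example' would be
    # parsed here as a path but navigate off-site. Normalise first.
    candidate = candidate.replace("\\", "/")
    if candidate.startswith("//"):
        return default  # protocol-relative URL points at another host
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default  # javascript:, data:, etc.
    if parts.netloc and parts.netloc.lower() != request_host.lower():
        return default  # different host, or userinfo tricks like host@evil
    if not parts.netloc and not candidate.startswith("/"):
        return default  # bare 'evil.example/x' or 'http:/evil' forms
    return candidate
```

Comparing the whole `netloc` against the request host, rather than checking that it ends with or contains the host, is what defeats `https://hr.example@evil.example/` and `https://hr.example.evil.example/` style bypasses.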
CVE-2024-11087
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
AZL-58986 CVE-2022-49535 affecting package kernel for versions less than 5.15.182.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...