Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an access control flaw in the Account Resources user lookup endpoint. It allows remote authenticated users who have at least one...
EUVD-2026-30107
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
Cisco Adaptive Security Appliance (ASA) Software TCP Flood DoS (cisco-sa-asa-dos-FCvLD6vR)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability. - A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause incoming TCP S...
EUVD-2026-15278
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211. Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access...
Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new,...
CVE-2025-57784
CVE-2025-57784 refers to a Tomahawk authentication timing attack in the Hiawatha webserver (version 11.7) caused by the use of strcmp in the admin handling path, which could enable a local attacker to access the management client. The Red Hat and CVE records corroborate the issue as a local-timin...
CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'
A Tomahawk authentication timing attack due to the use of strcmp has been identified in the Hiawatha webserver version 11.7, which allows a local attacker to access the management client...
PT-2026-2201
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The system lacks sufficient hardening, potentially allowing a user with management and maintenance access to view files containing credentials in plain text or other valuable information for an...
PT-2025-54218
Name of the Vulnerable Software and Affected Versions: FortiOS, affected versions not specified. Description: A flaw in FortiOS allows bypassing of multi-factor authentication (MFA) through manipulation of username case. This issue is currently being exploited. The exploitation involves tricking the...
A Strategic Response to the F5 BIG-IP Nation-State Breach 2025
In mid-October 2025, the cybersecurity landscape was dealt a severe blow. F5 disclosed a long-term, sophisticated breach by a nation-state threat actor. This incident exposed critical F5 BIG-IP vulnerabilities and triggered heightened scrutiny across enterprise edge infrastructure. This was not a...
CVE-2025-10239 Unintended command execution via troubleshooting scripts in Progress Flowmon
In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes...
EUVD-2018-7340
Malware in sbrugna...
EUVD-2025-25868
Malicious code in bioql PyPI...
PT-2025-38489
Name of the Vulnerable Software and Affected Versions: Cognex In-Sight Explorer and In-Sight Camera Firmware, affected versions not specified. Description: The software exposes a telnet-based service on port 23, intended for management operations like firmware upgrades and device reboots that require...
CVE-2020-6880
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. Because the device does not properly filter parameters, sending malicious SQL statements can, on successful exploitation, obtain management rights. This affects: ZXV10 W908 all versions before...
CVE-2025-0110
A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...
data.all security vulnerability
data.all is an open source development framework from data-dot-all open source. A security vulnerability exists in data.all that stems from the fact that a member of the data.all management team with access to an AWS account owned by a customer deploying data.all may be able to extract user data...
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10...
NETGEAR WNR614 Information Disclosure Vulnerability
The NETGEAR WNR614 is an N300 wireless router with external antenna from Netgear USA. The NETGEAR WNR614 suffers from an information disclosure vulnerability that originates from allowing an attacker to bypass authentication and access the management interface via an unspecified vector. No detail...
CVE-2024-2049 Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via access to the management IP...