30 matches found

EUVD
added 2026/06/05 1:24 p.m., 8 views

EUVD-2026-34831

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2 CVSS, 5.3 AI score, 0.00197 EPSS
Exploits 2, References 2

CNNVD
added 2026/03/24 12:0 a.m., 7 views

Galaxy Software Services Vitals ESP security vulnerability

Galaxy Software Services Vitals ESP is an office knowledge management system developed by Galaxy Software Services. There is a security vulnerability in Galaxy Software Services Vitals ESP, which stems from improper authorization. This vulnerability could allow authenticated remote attackers to...

8.8 CVSS, 5.9 AI score, 0.00299 EPSS
Exploits 0, References 2

CNNVD
added 2026/01/30 12:0 a.m., 5 views

Interinfo DreamMaker security vulnerabilities

Interinfo DreamMaker is an application developed by Interinfo Corporation. Versions of Interinfo DreamMaker prior to October 22, 2025, contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for the /servlet/baServer3 endpoint, which could allow...

9.3 CVSS, 5.8 AI score, 0.00413 EPSS
Exploits 0, References 1

NVD
added 2025/12/09 4:17 p.m., 18 views

CVE-2025-41693

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

4.3 CVSS, 0.00434 EPSS
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-7264

Malware in sbrugna...

9.8 CVSS, 9.2 AI score, 0.03412 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-1330

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.00872 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2014-0394

Malware in sbrugna...

7.9 CVSS, 6.4 AI score, 0.01137 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-51879

Malicious code in bioql PyPI...

5.5 CVSS, 7.3 AI score, 0.00164 EPSS
Exploits 0, References 5

OSV
added 2025/08/10 10:15 a.m., 6 views

CVE-2025-8803

A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function gmmstatederegistered/gmmstateexception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 2.7.6 is able t...

7.5 CVSS, 5.2 AI score
Exploits 0, References 8

RedhatCVE
added 2025/05/23 10:27 a.m., 9 views

CVE-2024-40531

A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...

8.8 CVSS, 6.5 AI score, 0.00372 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 6:47 a.m., 7 views

CVE-2018-17179

An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the maketask function in /interface/forms/eyemag/php/taskmanfunctions.php via /interface/forms/eyemag/taskman.php...

9.8 CVSS, 8.1 AI score, 0.11945 EPSS
Exploits 2, References 1

NVD
added 2025/01/28 10:15 a.m., 15 views

CVE-2025-0750

A vulnerability was found in CRI-O. A path traversal issue in the log management functions UnMountPodLogs and LinkContainerLogs may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system...

6.6 CVSS, 0.00222 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/01/27 2:23 p.m., 7 views

CVE-2025-0750

A vulnerability was found in CRI-O. A path traversal issue in the log management functions UnMountPodLogs and LinkContainerLogs may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system...

6.6 CVSS, 7 AI score, 0.00222 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/01/21 7:21 p.m., 14 views

CVE-2025-24024 Mjolnir v1.9.0 accepts commands from any room

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature tha...

9.1 CVSS, 9.4 AI score, 0.00573 EPSS
Exploits 0, References 3

BDU FSTEC
added 2024/12/25 12:0 a.m., 3 views

The vulnerability of the ovl component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the ovl kernel component in the Linux operating system is related to errors in resource management functions such as ovlcreatereal and ovlmkdirreal. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS, 6.3 AI score, 0.00235 EPSS
Exploits 0, References 17, Affected Software 3

NVD
added 2021/07/19 12:15 p.m., 23 views

CVE-2021-35964

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the...

9.8 CVSS, 0.01085 EPSS
Exploits 0, References 2

Positive Technologies
added 2021/07/19 12:0 a.m., 6 views

PT-2021-21084 · Orca Hcm · Orca Hcm

Name of the Vulnerable Software and Affected Versions: Orca HCM digital learning platform affected versions not specified Description: The management page of the Orca HCM digital learning platform does not perform identity verification, allowing remote attackers to execute management functions...

9.8 CVSS, 9.4 AI score, 0.01085 EPSS
Exploits 0, References 5

RedHat Linux
added 2019/07/30 7:50 p.m., 1 views

nss: NULL pointer dereference in several CMS functions resulting in a denial of service

In Network Security Services NSS before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service...

6.5 CVSS, 6.8 AI score, 0.01956 EPSS
Exploits 0, References 5

NVD
added 2019/03/26 4:29 p.m., 21 views

CVE-2014-5431

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...

6.8 CVSS, 7.3 AI score, 0.00378 EPSS
Exploits 0, References 1

BDU FSTEC
added 2018/12/13 12:0 a.m., 5 views

The vulnerability of the identification management service of the Cisco Digital Network Architecture (DNA) Center allows a perpetrator to bypass the authentication process and gain control over identification management functions.

The vulnerability of the identification management service of the Cisco Digital Network Architecture DNA Center is related to insufficient security restrictions for critical management functions. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and gain...

10 CVSS, 7.8 AI score, 0.02139 EPSS
Exploits 0, References 3, Affected Software 1