
141 matches found

Positive Technologies
added 2026/02/25 12:0 a.m. | 2 views

PT-2026-22030

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.10.1; n8n versions prior to 2.9.3; n8n versions prior to 1.123.22. Description: n8n is an open source workflow automation platform. A flaw exists in the JavaScript Task Runner sandbox, potentially allowing an authenticated...

CVSS 9.9 | AI score 6.1 | EPSS 0.00104
Exploits: 0 | References: 19
RedhatCVE
added 2025/12/17 10:24 a.m. | 1 views

CVE-2025-14766

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High. Mitigation: To mitigate this issue, users should avoid visiting untrusted websites or opening...

CVSS 8.8 | AI score 6.7 | EPSS 0.00151
Exploits: 0 | References: 5
GithubExploit
added 2025/12/11 2:7 p.m. | 117 views

security-vulnerabilities-and-protection-measures

Security Vulnerabilities and Protection Measures Submitted...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-1270

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 9 | EPSS 0.00396
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-22089

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.0012
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-26130

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 6.5 | EPSS 0.0013
Exploits: 0 | References: 3
OSV
added 2025/09/25 3:30 p.m. | 1 views

GHSA-R3JV-XFGX-GJ24 cors-anywhere vulnerable to server-side request forgery

Rob--W/cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

CVSS 9.5 | AI score 6.6 | EPSS 0.0091
Exploits: 0 | References: 8
ATTACKERKB
added 2025/09/25 2:45 p.m. | 2 views

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

CVSS 9.5 | AI score 6.5 | EPSS 0.0091
Exploits: 0 | References: 7
NVD
added 2025/08/28 6:15 p.m. | 2 views

CVE-2025-58048

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...

CVSS 9.9 | EPSS 0.0013
Exploits: 0 | References: 3
Positive Technologies
added 2025/07/02 12:0 a.m. | 2 views

PT-2025-27662 · Enensys · Enensys Ipguard

Name of the Vulnerable Software and Affected Versions: ENENSYS IPGuard v2 version 2.10.0 Description: The issue concerns hardcoded credentials in the software. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world inciden...

CVSS 9.8 | AI score 6.2 | EPSS 0.0039
Exploits: 1 | References: 5
Positive Technologies
added 2025/06/27 12:0 a.m. | 1 views

PT-2025-27155 · Unknown · Quantumcloud Chatbot

Name of the Vulnerable Software and Affected Versions: QuantumCloud ChatBot versions n/a through 6.7.3 Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For versions...

CVSS 4.3 | AI score 6.6 | EPSS 0.00168
Exploits: 0 | References: 3
Positive Technologies
added 2025/06/20 12:0 a.m. | 1 views

PT-2025-26341 · WordPress · Grandplugins Image Sizes Controller +2

Name of the Vulnerable Software and Affected Versions: GrandPlugins Image Sizes Controller versions 1.0.0 through 1.0.9; Create Custom Image Sizes versions 1.0.0 through 1.0.9; Disable Image Sizes versions 1.0.0 through 1.0.9. Description: The issue is related to a Missing Authorization vulnerabilit...

CVSS 4.3 | AI score 6.2 | EPSS 0.00168
Exploits: 0 | References: 4
NVD
added 2025/06/16 7:15 p.m. | 9 views

CVE-2025-6087

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

CVSS 9.1 | EPSS 0.00501
Exploits: 0 | References: 1
OSV
added 2025/06/06 9:27 p.m. | 2 views

GHSA-CVX7-X8PJ-X2GW CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

Summary: A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticate...

CVSS 7.5 | AI score 7.3 | EPSS 0.00151
Exploits: 0 | References: 7
OpenVAS
added 2025/06/04 12:0 a.m. | 21 views

SUSE: Security Advisory (SUSE-SU-2024:3561-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 8.6 | EPSS 0.00495
Exploits: 5 | References: 213
RedhatCVE
added 2025/05/22 9:37 p.m. | 5 views

CVE-2021-25979

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

CVSS 9.8 | AI score 6.7 | EPSS 0.00363
Exploits: 0
RedhatCVE
added 2025/05/22 9:28 p.m. | 4 views

CVE-2021-3439

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities...

CVSS 7.8 | AI score 6.9 | EPSS 0.00029
Exploits: 0
RedhatCVE
added 2025/05/07 8:12 p.m. | 13 views

CVE-2025-46734

league/commonmark is a PHP Markdown parser. A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

CVSS 6.4 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 1
Hewlett-Packard
added 2025/05/07 12:0 a.m. | 22 views

AMD SMM Vulnerabilities February 2025 Security Update

AMD has informed HP of potential vulnerabilities identified in some AMD client platform firmware components, which might allow arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerabilities. HP has...

CVSS 8.2 | AI score 8.6 | EPSS 0.00069
Exploits: 0 | Affected Software: 216
Exploit DB
added 2025/04/22 12:0 a.m. | 219 views

code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)

Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS) Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage: https://code-projects.org/ Software Link:...

CVSS 6.1 | AI score 7.4 | EPSS 0.01157
Exploits: 4