
35 matches found

GitHub Security Blog
added 2026/06/16 8:13 p.m. | 14 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary: Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities: 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

CVSS 9.2 | AI score 5.8 | EPSS 0.00291
Exploits 0 | References 5 | Affected Software 1

CNNVD
added 2026/06/02 12:00 a.m. | 3 views

Dräger SC Monitoring devices trust management issue vulnerability

The Dräger SC Monitoring devices are a series of clinical vital signs monitoring devices produced by the German company Dräger. The Dräger SC Monitoring devices have a vulnerability related to trust management. This vulnerability stems from hard-coded plaintext credentials in the source code, alo...

CVSS 7.6 | AI score 5.5 | EPSS 0.00193
Exploits 0 | References 2

IBM Security Bulletins
added 2026/05/01 12:00 p.m. | 4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228.

Summary: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-33228. DESCRIPTION: flatted is a circul...

CVSS 9.8 | AI score 6.1 | EPSS 0.00613
Exploits 1 | Affected Software 1

OSV
added 2026/01/20 6:16 p.m. | 3 views

CVE-2025-33229

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges,...

CVSS 7.3 | AI score 6.1 | EPSS 0.00159
Exploits 0 | References 3

CVE
added 2026/01/20 5:44 p.m. | 19 views

CVE-2025-33229

The CVE-2025-33229 issue affects NVIDIA Nsight Visual Studio for Windows and its Nsight Monitor component. The vulnerability allows an attacker to execute arbitrary code with the same privileges as the Nsight Monitor process, potentially enabling privilege escalation, code execution, data tamperi...

CVSS 7.3 | AI score 6 | EPSS 0.00159
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2026/01/20 12:00 a.m. | 8 views

MiracleLinux 9 : mysql-8.0.41-2.el9_5.ML.1 (AXSA:2025-9701:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9701:03 advisory. openssl: SSL_select_next_proto buffer overread (CVE-2024-5535); krb5: GSS message token handling (CVE-2024-37371); curl: libcurl: ASN.1 date parser overread...

CVSS 9.1 | AI score 7.4 | EPSS 0.16212
Exploits 3 | References 50

RedhatCVE
added 2025/12/10 6:13 p.m. | 3 views

CVE-2025-62570

Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally...

CVSS 7.1 | AI score 6.5 | EPSS 0.00367
Exploits 0 | References 1

Positive Technologies
added 2025/11/28 12:00 a.m. | 4 views

PT-2025-48340

Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions 1.0.0 through 2.13.0. Description: The MONITOR command in Apache Kvrocks has a flaw that can expose plaintext credentials. This issue affects versions 1.0.0 through 2.13.0. Recommendations: Upgrade to version 2.14.0 to...

CVSS 5.3 | AI score 6.9 | EPSS 0.00253
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-5006

Malware in sbrugna...

CVSS 6.5 | AI score 6 | EPSS 0.06738
Exploits 0 | References 17

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-19551

Malware in sbrugna...

CVSS 5.5 | AI score 6 | EPSS 0.00325
Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2021-6919

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.7 | EPSS 0.00372
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2023-28589

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00155
Exploits 0 | References 1

IBM Security Bulletins
added 2025/09/08 1:25 p.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2025-48387. DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versio...

CVSS 8.7 | AI score 6.8 | EPSS 0.00474
Exploits 0 | Affected Software 1

RedhatCVE
added 2025/07/26 3:33 a.m. | 6 views

CVE-2025-4393

Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before Jun...

CVSS 6.5 | AI score 7.1 | EPSS 0.00165
Exploits 0 | References 1

BDU FSTEC
added 2025/06/16 12:00 a.m. | 22 views

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent, which stems from the failure to implement protective measures for the request structure, allows attackers to escalate their privileges.

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability can allow attackers to escalate their privileges by using specially crafted authorized HTTP requests...

CVSS 6.5 | AI score 5.5
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/06/13 3:41 a.m. | 61 views

CVE-2025-5815

The Traffic Monitor plugin for WordPress (up to version 3.2.2) is vulnerable due to a missing capability check in the tfcm_maybe_set_bot_flags()/tfcm_set_bot_flags AJAX path, allowing unauthenticated attackers to disable bot logging. This is an unauthenticated remote modification risk affecting t...

CVSS 5.3 | AI score 5.1 | EPSS 0.00388
Exploits 1 | References 3

Cvelist
added 2025/06/09 10:00 a.m. | 23 views

CVE-2025-5872 eGauge EG3000 Energy Monitor Setting missing authentication

A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed t...

CVSS 6.9 | EPSS 0.00411
Exploits 0 | References 4

RedhatCVE
added 2025/05/22 12:58 p.m. | 6 views

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

CVSS 9 | AI score 7.7 | EPSS 0.0464
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 8:57 p.m. | 7 views

CVE-2006-4461

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors...

CVSS 10 | AI score 7 | EPSS 0.01399
Exploits 0 | References 1

OSV
added 2025/03/17 8:16 p.m. | 40 views

RLSA-2025:1671 Important: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: SSL_select_next_proto buffer overread (CVE-2024-5535); krb5: GSS message token handling (CVE-2024-37371); curl: libcurl: ASN.1 date pars...

CVSS 7.5 | AI score 8.5 | EPSS 0.16212
Exploits 3 | References 50