CVE-2026-49949

CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests...

(Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getCFFNames function. The issue results from the lack of proper...

EUVD-2021-18339

Malware in sbrugna...

EUVD-2023-39753

Malicious code in bioql PyPI...

EUVD-2023-36856

Malicious code in bioql PyPI...

EUVD-2023-41450

Malicious code in bioql PyPI...

EUVD-2022-43988

Malicious code in bioql PyPI...

EUVD-2025-23398

Malicious code in bioql PyPI...

EUVD-2023-55036

Malicious code in bioql PyPI...

EUVD-2024-47290

Malicious code in bioql PyPI...

EUVD-2023-42367

Malicious code in bioql PyPI...

EUVD-2023-31129

Malicious code in bioql PyPI...

EUVD-2024-21237

Malicious code in bioql PyPI...

EUVD-2023-45709

Malicious code in bioql PyPI...

(Pwn2Own) QNAP QHora-322 do_fetch Improper Certificate Validation Vulnerability

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dofetch method. The issue results from the lack of proper...

CVE-2024-23973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of...

CVE-2023-37564

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier,...

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

CVE-2022-25915

Improper access control vulnerability in ELECOM LAN routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior,...