Lucene search

25 matches found

EUVD
added 3 days ago · 5 views

EUVD-2026-33671

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

CVSS 4.3 · AI score 5.7 · EPSS 0.00025
Exploits: 0 · References: 3

OSV
added 2026/03/12 8:57 p.m. · 1 view

GO-2026-4668 zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot

zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVSS 7.7 · AI score 5.8 · EPSS 0.00044
Exploits: 1 · References: 3

RedhatCVE
added 2025/10/31 10:10 a.m. · 3 views

CVE-2025-62503

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

CVSS 4.6 · AI score 7 · EPSS 0.00229
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-51746

Malicious code in bioql PyPI...

CVSS 6.4 · AI score 8.7 · EPSS 0.00076
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-6638

Malicious code in bioql PyPI...

CVSS 9 · AI score 7.1 · EPSS 0.00435
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/26 8:28 a.m. · 4 views

CVE-2024-30219

Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no longer supported, therefore the update for...

CVSS 6.8 · AI score 6.6 · EPSS 0.00059
Exploits: 0 · References: 1

OSV
added 2025/02/13 5:15 a.m. · 0 views

CVE-2024-13770

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...

CVSS 9.8 · AI score 7.5
Exploits: 0 · References: 2

Vulnrichment
added 2025/02/13 4:21 a.m. · 8 views

CVE-2024-13770 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...

CVSS 8.1 · AI score 7.6 · EPSS 0.00803
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-54583

Name of the Vulnerable Software and Affected Versions: qemu (affected versions not specified). Description: The QEMU software may experience an out-of-memory (OOM) condition when handling a large request originating from a guest virtual machine. This can potentially lead to denial of service...

CVSS 7.5 · AI score 5.4 · EPSS 0.00145
Exploits: 0 · References: 24

NVD
added 2024/08/12 1:38 p.m. · 10 views

CVE-2024-7412

The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the fu...

CVSS 5.3 · EPSS 0.00263
Exploits: 0 · References: 2

CNNVD
added 2024/08/12 12:0 a.m. · 1 view

WordPress plugin No Update Nag security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 5.3 · AI score 6.5 · EPSS 0.00263
Exploits: 0 · References: 3

Cvelist
added 2024/08/09 9:30 a.m. · 17 views

CVE-2024-7412 No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure

The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the fu...

CVSS 5.3 · EPSS 0.00263
Exploits: 0 · References: 2

Patchstack
added 2024/08/09 12:36 a.m. · 4 views

WordPress No Update Nag plugin <= 1.4.12 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin No Update Nag versions <= 1.4.12...

CVSS 5.3 · AI score 7 · EPSS 0.00263
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/10/10 12:0 a.m. · 4 views

PT-2023-6166 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient input validation in the Windows TCP/IP protocol implementation. This can be exploited by a remote attacker to cause a denial of service. Recommendations...

CVSS 7.8 · AI score 9.1 · EPSS 0.03748
Exploits: 0 · References: 6

Positive Technologies
added 2023/10/03 12:0 a.m. · 2 views

PT-2023-36048 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details about the crash include the functions xmlDictLookupInternal, xmlDictLookup,...

AI score 6.8
Exploits: 0 · References: 2

NCSC
added 2023/08/03 12:0 a.m. · 1 view

Vulnerability discovered in Cisco Secure Web Appliance

A vulnerability has been discovered in Cisco Secure Web Appliance. The vulnerability is in how the scanning process handles the deflate, lzma and brotli content types. The deflate content type is not enabled by default; lzma and brotli are. A malicious party can exploit the vulnerabilities to pa...

CVSS 5.8 · AI score 7.2 · EPSS 0.00097
Exploits: 0

Positive Technologies
added 2022/09/27 12:0 a.m. · 3 views

PT-2022-25945 · Unknown · Eyesofnetwork

Name of the Vulnerable Software and Affected Versions: EyesOfNetwork EON versions 5.3.11 and earlier Description: An issue allows unauthenticated SQL injection to occur. Recommendations: For EyesOfNetwork EON versions 5.3.11 and earlier, at the moment, there is no information about a newer versio...

CVSS 9.8 · AI score 9.8 · EPSS 0.00302
Exploits: 0 · References: 5

NCSC
added 2021/05/21 12:0 a.m. · 2 views

Vulnerability found in Mozilla Firefox

Researchers have found a vulnerability in Mozilla Firefox. The vulnerability allows a remote malicious person to execute arbitrary JavaScript code in the context of the web browser. To exploit this vulnerability, a malicious person has to induce the victim to visit a rogue server. Then, the...

AI score 7
Exploits: 0

OSV
added 2021/01/13 10:15 p.m. · 0 views

CVE-2021-1210

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVSS 7.2 · AI score 7.4
Exploits: 0 · References: 1

OSV
added 2019/08/14 9:15 p.m. · 0 views

CVE-2019-1183

This information is being revised to indicate that this CVE CVE-2019-1183 is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required...

CVSS 8.8 · AI score 7.2 · EPSS 0.11939
Exploits: 0 · References: 1