31 matches found
CVE-2025-13688
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...
CVE-2025-13688 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...
EUVD-2018-18709
Malware in sbrugna...
EUVD-2018-18710
Malware in sbrugna...
EUVD-2022-15863
Malicious code in bioql PyPI...
CVE-2020-3974
VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...
ASUS RT-AX88U Cross-Site Scripting Vulnerability (CNVD-2023-63441)
The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a store...
SUSE CVE-2023-3397
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information...
ASUS RT-AC86U OS Command Injection Vulnerability
The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from an operating system command injection vulnerability that originates from not filtering the special characters of parameters in specific URLs, which can be exploited by a remote attacker wit...
Easytest Code Issue Vulnerability
Easytest is an online learning quiz platform of China Huaqi Digital Technology Company. A security vulnerability exists in Easytest due to an insufficient filtering of special characters and file types in its File Upload feature, which allows remote attackers with normal user privileges to upload...
Flowring Technology Agentflow BPM Authorization Issue Vulnerability
Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology. Flowring Technology Agentflow BPM suffers from an authorization vulnerability that arises from improper authentication of its enterprise management system, which could allow a remote attacker wi...
DEBIAN-CVE-2022-0812
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpcrdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information...
CVE-2022-0812
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpcrdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information...
Teamplus Pro Security Vulnerability
Teamplus Pro is a private cloud version of the app from the Taiwan, China-based company Teamplus. A security vulnerability exists in Teamplus Pro v3.011.6.0.1 and prior versions, which stems from the fact that its Community Discussion feature's unrestricted access to threads containing a large...
IBM Robotic Process Automation Security Vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation version 21.0.1 is vulnerable to an information disclosure...
QSAN Storage Manager Directory Traversal Vulnerability (CNVD-2021-50943)
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A directory traversal vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and earlier versions, which can be exploited by an attacker to traverse files in an arbitrary directory...
QSAN Storage Manager Security Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A directory traversal vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and earlier versions, which can be exploited by an attacker with normal user privileges to traverse file...
QSAN Storage Manager Security Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A directory traversal vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and earlier versions, which can be exploited by an attacker to traverse files in an arbitrary directory...
ZTE ZXHN H168N Information Disclosure Vulnerability
The ZTE ZXHN H168N is a router from China's ZTE Corporation ZTE. The ZTE ZXHN H168N 3.5.0EG1T4TE suffers from an information disclosure vulnerability that originates from improper privilege settings, which can be exploited by an attacker with normal user privileges to obtain some sensitive user...