63 matches found

Cvelist
added 2 days ago · 19 views

CVE-2026-52808 Gogs: Write-level collaborators can mutate admin-only repository settings via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

CVSS 7.1 · EPSS 0.00478
Exploits 0 · References 4
OSV
added 2026/03/31 7:27 p.m. · 4 views

CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting which defaults to an empty list, i.e., no specific...

CVSS 2.7 · AI score 5.8 · EPSS 0.00245
Exploits 0 · References 7
OSV
added 2026/02/27 8:19 p.m. · 5 views

CVE-2026-28270 Kiteworks Core has an Unrestricted Upload of File with Dangerous Type

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

CVSS 4.9 · AI score 5.9 · EPSS 0.01607
Exploits 0 · References 3
RedhatCVE
added 2026/01/09 11:18 a.m. · 5 views

CVE-2021-0611

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810...

CVSS 7.8 · AI score 7.3 · EPSS 0.00112
Exploits 0 · References 1
NVD
added 2025/12/15 9:15 p.m. · 3 views

CVE-2025-64725

Weblate is a web-based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15 contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

CVSS 9.8 · EPSS 0.00319
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2015-8991

Malware in sbrugna...

CVSS 10 · AI score 9.5 · EPSS 0.00995
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2007-1824

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.01022
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-9793

Malware in sbrugna...

CVSS 10 · AI score 9.5 · EPSS 0.01252
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-0402

Malware in sbrugna...

CVSS 7.8 · AI score 5.9 · EPSS 0.00173
Exploits 0 · References 9
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2002-0862

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01499
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-5064

Malware in sbrugna...

CVSS 5.9 · AI score 6.1 · EPSS 0.03927
Exploits 0 · References 19
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-38397

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00626
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-48488

Malicious code in bioql PyPI...

CVSS 3.6 · AI score 4.7 · EPSS 0.00094
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-30987

Malicious code in bioql PyPI...

CVSS 6.4 · AI score 6.6 · EPSS 0.0007
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-24985

Malicious code in bioql PyPI...

CVSS 6.7 · AI score 6.7 · EPSS 0.00089
Exploits 0 · References 1
Tenable Nessus
added 2025/08/26 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-6951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in...

CVSS 7.5 · AI score 6 · EPSS 0.08585
Exploits 0 · References 2
Tenable Nessus
added 2025/08/07 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-49768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 9p: trans_fd/p9_conn_cancel: drop client lock earlier syzbot reported a double-lock here and we no longer need this lock after requests have been moved off to loca...

CVSS 5.5 · AI score 5.6 · EPSS 0.00121
Exploits 0 · References 2
Tenable Nessus
added 2025/08/06 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-49772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't ha...

CVSS 5.5 · AI score 6.5 · EPSS 0.0016
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 6:53 p.m. · 11 views

CVE-2021-44651

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175...

CVSS 9.8 · AI score 7.9 · EPSS 0.07013
Exploits 0
Positive Technologies
added 2025/03/13 12:0 a.m. · 3 views

PT-2025-11211 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.6 Description: DataEase is an open source business intelligence and data visualization tool. A patch bypass issue allows authenticated users to read and deserialize arbitrary files through the background JDBC...

CVSS 8.6 · AI score 6.1 · EPSS 0.00424
Exploits 1 · References 8