62 matches found
CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting, which defaults to an empty list, i.e., no specific...
CVE-2026-28270 Kiteworks Core has an Unrestricted Upload of File with Dangerous Type
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...
CVE-2021-0611
In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810...
CVE-2025-64725
Weblate is a web-based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15 contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...
EUVD-2015-8991
Malware in sbrugna...
EUVD-2021-0402
Malware in sbrugna...
EUVD-2019-5064
Malware in sbrugna...
EUVD-2007-1824
Malware in sbrugna...
EUVD-2014-9793
Malware in sbrugna...
EUVD-2002-0862
Malware in sbrugna...
EUVD-2023-38397
Malicious code in bioql PyPI...
EUVD-2023-24985
Malicious code in bioql PyPI...
EUVD-2023-48488
Malicious code in bioql PyPI...
EUVD-2022-30987
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-6951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in...
Linux Distros Unpatched Vulnerability : CVE-2022-49768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 9p: trans_fd/p9_conn_cancel: drop client lock earlier syzbot reported a double-lock here and we no longer need this lock after requests have been moved off to loca...
Linux Distros Unpatched Vulnerability : CVE-2022-49772
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't ha...
CVE-2021-44651
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175...
PT-2025-11211 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.6 Description: DataEase is an open source business intelligence and data visualization tool. A patch bypass issue allows authenticated users to read and deserialize arbitrary files through the background JDBC...
Linux Distros Unpatched Vulnerability : CVE-2024-57902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that...