21 matches found
CVE-2026-9057 Security fix for Qlik Talend Administration Center URL access control vulnerability
A broken access control issue has been identified in the Talend Administration Center that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...
CVE-2021-22301
Mate 30 10.0.0.203C00E201R7P2 has a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause a buffer overflow...
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
EUVD-2016-7415
Malware in sbrugna...
EUVD-2018-12360
Malware in sbrugna...
EUVD-2018-19649
Malware in sbrugna...
EUVD-2022-4831
Malicious code in bioql PyPI...
EUVD-2024-19773
Malicious code in bioql PyPI...
EUVD-2022-0629
Malicious code in bioql PyPI...
PT-2025-25199 · Simcom · Simcom Sim7600G
Name of the Vulnerable Software and Affected Versions: SIMCom SIM7600G modem (affected versions not specified). Description: The issue concerns an undocumented AT command in the SIMCom SIM7600G modem, allowing an attacker to execute system commands with root permission on the modem. This can be...
PT-2025-23906 · Crates.Io · Deno
Summary: Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network. Details: Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code...
CVE-2024-13128 LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-9230 PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks...
CVE-2025-2499
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This...
CVE-2024-7296
GitLab EE contains CVE-2024-7296: affected releases are 16.5 up to 17.7.7, 17.8 up to 17.8.5, and 17.9 up to 17.9.2. A user with a custom permission could approve pending membership requests beyond the configured cap, potentially granting access beyond allowed users. This is described across mult...
CVE-2024-53936
The CVE-2024-53936 issue affects the Android app com.asianmobile.callcolor (Color Phone Call Screen App) up to version 24. The vulnerability arises from the CallActivity component, which can be invoked via a crafted intent by any application with no permissions, enabling unauthorized phone calls ...
PT-2022-24804 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 0.35.0. Description: The issue allows attackers to specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them ...
Input validation
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
Android Application Allows Remote Access – No Permissions Required
Mobile security researchers at the firm Viaforensics say they have created a malicious mobile application that requires the phone user to grant no permissions during installation, but could give remote attackers the ability to install and execute malicious code on mobile devices running the Andro...
SudoEdit 1.6.8 - Local Change Permission
Copyright © Rosiello Security 2004 http://www.rosiello.org sudoedit Exploit SOFTWARE : sudoedit REFERENCE: http://www.sudo.ws/sudo/alerts/sudoedit.html DATE: 18/09/2004 Summary: A flaw exists in sudo's -u option aka sudoedit in sudo version 1.6.8 that can give an attacker read permission to ...